November » 2006 » The Macalope

Ode to the wireless security affair

Posted November 14, 2006 By The Macalope and has 1 comment.

If you’re dying to relive those heady days of August and September, David Burke has keyed a 4,000-word love letter to the whole business (antler tip to Mr. Gruber via email) that just might keep you going through the winter.

Yes, you read that number right.

Four.

Thousand.

November must be the slow season for lawyerin’ up in Canada.

The Macalope can’t say he read the whole post (c’mon, it’s 4,000 words!) – he’ll wait for the movie. He did skim enough to see a few appearances by Artie MacStrawman and some idle speculation about Apple’s possible manipulation of the situation. Also, he noted that Burke doesn’t have a problem with the term “Apple apologists” (perhaps he should read some of the Macalope’s work on stock option backdating) but you won’t find the terms “SecureWorks apologists” or “Ellchistas” or “Branch David Maynoridians” anywhere in the piece.

He should get some credit for his ultimate conclusion, however.

The end result is that the Apple apologists win this one by a very fair default in my opinion. As I have always said, if there is a possibility that it may not be true, and those who should know if it is true cannot back up their claims then there is no good reason to believe it is true. So at this point it is a done deal.

Burke goes off the ranch and shows once and for all that he’s not George Ou’s sock puppet. He may actually even go too far as there is no real reason to believe Maynor and Ellch’s claim is false, either, despite the dogged determination of some to prove at any cost that OS X is too as insecure as Windows, dammit! (Hey, if they can have straw men then so can we!)

It is, quite simply, a claim that has not been proved.

As for this whole affair being a “done deal”, the Macalope thinks he’s sadly mistaken on that point.

Squeaky clean

Posted November 13, 2006 By The Macalope and has no comments yet.

Apple hires Donald Rosenberg as general counsel.

Let’s just perform a little non-scientific experiment.

Squeak.

That’s what the Macalope thought.

Trying too hard to be a contrarian

Posted November 10, 2006 By The Macalope and has 9 comments.

Silicon.com’s Jo Best just can’t come up with a convincing argument why an iPhone wouldn’t be cool.

But it doesn’t stop her from trying.

My iPod needs charging every day to play music for an hour or two.

Ah, yes, the Macalope has that same model. It looks like this.

Apple’s DRM is, well, awful.

When discussing Apple’s DRM, it is only really useful to compare its implimentation to anyone else’s. It is not useful to compare it to no DRM. It is self-evident that any DRM will be inherently worse than no DRM.

Because, honestly, the worst you can say about Apple’s DRM is that it’s at least as good as anyone else’s. Most people would argue that it’s better.

I’ve spent hours of my life convincing iTunes I should be allowed to play songs I either ripped from lawfully bought CDs or purchased from Apple itself on my laptop or my iPod.

Hours? To play songs you ripped? Then you are doing something seriously, drastically, idiotically wrong and need to seek professional help immediately.

Get thee to a Genius Bar.

I know Apple isn’t stupid and probably won’t put copy protection on my PIM-type content but I do not trust them in this area and would inspect closely their DRM policy on the iPhone before considering a purchase.

Sooo, you don’t fear that Apple will try to copy-protect your contacts, but somehow you don’t trust them… not to copy-protect your contacts? Wha-huh? You should really sort out your stand on these issues before you sit down and just start typing willy-nilly.

But I’ve got an iPod and a mobile and it hasn’t bothered me yet, despite the plethora of phones with built-in music players flooding the market.

The Macalope is in agreement here. His original shuffle probably has about as many songs as an iPhone would be likely to have, hardly takes up any extra space and acts as a USB drive to boot (well, not to boot… er… well, you know what the Macalope means).

Best then goes on to say what she likes about Apple products and why an iPhone might really be cool, but ultimately concludes she wants Apple to partner with Nokia on a phone that…

… take a deep breath…

…runs a mobile version of OS X.

Jo, dear, you haven’t been in Jason O’Grady’s meds, have you?

Much of Best’s piece is quite reasonable, which is what makes the conclusion so dunderheaded. It is an absurd truism that workers in the “marketplace of ideas” frequently feel the need to provide a contrarian opinion just for the sake of it.

“Hmm. No one has said that puppies and kittens are a blight upon our society. Quick! To the keyboard!”

Possibly they do it because it drives hits from, well, sites like this.

But is that the kind of business you want to be in?

Awwwww…

Posted November 9, 2006 By The Macalope and has 8 comments.

George Ou just realized his PlaysForSure music… uh… does not… so much…

…play for sure.

And it’s such a shame because he just downloaded all those kick-ass Kevin Federline tracks.

Simple answers to simple questions

By The Macalope and has 3 comments.

To try to screw up Apple’s business model.

Huh-huh! I said "phuc"!

Posted November 7, 2006 By The Macalope and has 24 comments.

HD Moore, author of the recent Zero-day exploit of Apple’s 802.11b drivers, is just so totally teh awesome funny!

According to him!

Here’s Moore congratulating himself on having the basic mental capacity of your average sixth-grader in coming up with “daringphucball.rb”.

“Normally I wouldn’t sink to this level but, damn it, it’s funny,” Moore said of his taunt to Daring Fireball.

Uh, yeah, it’s hysterical that Maynor and Ellch still haven’t provided public evidence of their claim and you’ve managed to create a completely different exploit and then forced a curse word into the name of a popular Mac blog.

Well, not really “laugh out loud” funny.

Wait, what’s supposed to be funny about that again?

Oh. That’s right. You said “phuc.”

Uh…

Yeah.

Despite the fact that Moore is being such a dick about it, you’ll notice there hasn’t been the same level of uproar about his exploit. Mostly because it’s on three-year-old systems, but also because he made a claim and he proved it. Contrast that to the precedent set by his good buddies, David Maynor and Jon “Johnny Cache!” Ellch.

These guys still don’t seem to get this, but it’s their arrogance that has chapped the Mac community’s ass, not the existence of any bugs.

OS X has bugs.

Everyone in the Mac community except Artie MacStrawman knows that. We actually like it when they’re found and patched. We’re kind of kooky that way.

What we don’t like is the big swinging dicks of hacking riding into town wildly waving lit cigarettes at everyone and shooting their mouths off to reporters with claims they then won’t back up because, oh, they forgot, they’re actually supposed to be selling that information but really it’s because Apple would sue them or, no, they’d love to explain it to everyone but they’ve got their period this week so you’ll have to wait a couple to twenty days.

You can read Moore’s pissy missive to John Gruber from several months ago here to see the genesis of this one-sided feud.

Your arrogance and complete naivete in all things security has finally gotten to me.

…

You could easily convince me that you aren’t a moron by flying to Austin (TX) and taking a standard IQ test in front of me. If you don’t show up by next week, I will have proved that you indeed are a moron, and will post to my blog to make it seem credible. If you do show up and score 100 or higher, I will pay for your airfare, otherwise you walk home.

…

The implications are obvious if you understand the details. If you don’t understand what remote code execution at ring-0 means, its not Johnny’s job to educate you (nor mine).

Then read the post by Gruber he’s responding to in which Gruber does nothing but ask questions and explain his frustration.

That arrogant bastard! How dare he question his betters?!

Moore makes a point of saying what great guys Maynor and Ellch are and how we should all just trust them that they’re right in this. Evidently, being a security professional is never having to explain yourself. Accusations – OK. Proof – optional. Gotcha.

You lowly users should just take the word of those in the l33t hacking community and if you don’t know what code execution at ring-0 is, well, why do you even have a computer? Gawd! You’re so stoopid!

“I picked up USB Wi-Fi adapters from six different vendors yesterday. It should be a busy week,” Moore said.

Moore’s week will probably go something like this:

Monday: Vigorously pat self on the back for inserting an obscenity into a website name.
Tuesday: Ice arm strained from vigorous self-congratulation.
Wednesday: Call David Maynor and Jon “Johnny Cache!” Ellch and talk about how hysterically funny it was to have put an obscenity into a website name.
Thursday: Spend entire day surfing for references to personal awesomeness in having put an obscenity into a website name.
Friday: Start to look for bugs in USB Wi-Fi adapters.

That’s a full week right there!

Mac users, if you’ve enjoyed Moore’s condescending attitude and charming schoolboy fascination with curse words, don’t worry! The “Month of Kernel Bugs” is supposed to cover all desktop operating systems, but you can bet that these guys will be paying special attention to OS X. And, of course, they’re going to find some.

Feel free to ignore the lame end-zone dancing when they do.

Shorter Douglas McIntyre of 24/7 Wall St.

Posted November 6, 2006 By The Macalope and has 12 comments.

The fact that many Windows users will have to buy new machines to run Vista is not a problem, it’s a feature.

Options are fun when you get a friend to play!

Posted November 4, 2006 By The Macalope and has 6 comments.

MacJournals News responds to the Macalope’s response to their post about Mark Anderson’s post about Apple’s stock options.

The game is afoot! Let the response to the response to the response to the response to someone else’s post begin!

So MJN did not miss the point as the Macalope said, so much as it chose to discount it.

MJN also provides some history on Graef Crystal and seems think he’s largely just interested in bashing Apple executives as being overpaid. Indeed, Crystal does engage in some truly tasteless construction.

Apparently, an option of that size didn’t stir Jobs to new heights of performance. On the contrary, he fell on his face, with the stock price plummeting to $18.30 a share by Oct. 19, 2001.

It was on that latter date that Apple’s board decided that he needed more motivation. So he was handed a second option grant, this one covering 7.5 million shares and carrying a strike price of $18.30.

Hmm. Why would that be? Well, it could have something to do with the iPod, which was announced on…

October 23, 2001.

Hmm.

HMM!

Starting an entirely new line of business, the company might have decided Jobs needed to have his compensation structure tied to that. And, of course, in retrospect Crystal’s caterwauling about Jobs’ performance is pretty embarrassing.

Give Steve a minute, dude. He’s just warming up.

So the Macalope will concede that the messenger has an agenda, but from what he’s read, it comes from a general dislike of large compensation packages for corporate execs, not a dislike of Apple per se. Also, it doesn’t mean he’s wrong about everything.

Such as how the company valued the shares Jobs received in March of 2003 in exchange for his options.

MJN’s believes that, because Steve Jobs can’t trade his stock options to anyone, they’re worth nothing.

Jobs was not “given the present value for the options in March 2003 using an industry-standard means of calculation” anywhere but in Graef Crystal-world, where he’s been inventing fantasy numbers for Jobs’ compensation since 2000.

Crystal and other critics continually try to value Jobs’ options using the Black-Scholes method of determining the present value of a future asset.

Uh, that’s probably because it’s an industry-standard means of calculating the present value of stock options.

Well, you keep saying that, Macalope, but how “industry-standard” is it?

It’s so industry-standard it was one of the two models that the Financial Accounting Standards Board (the accounting rule makers in the U.S.) had proposed should be required for calculating how to expense stock options when they tried to make that the law of the land in the early 1990s (before congress gallantly stepped in and insisted that options not be required to be expensed).

It’s also so industry-standard that a 2002 Ernst and Young report (PDF) said:

As indicated in our past surveys, the overwhelming majority of companies use the Black-Scholes option-pricing model for determining the fair value of employee stock options. A small minority of companies uses the binomial pricing model.

So, that’s how industry-standard it is.

Thanks for asking, Billy.

That was Billy, the artificial argument construct, ladies and gentlemen. Let’s give him a hand.

[Yay, Billy!]

Now, one could argue it’s not the right model to use. Indeed, it has since been seen as having the tendency to overvalue the options and the FASB has advised companies take care in using it. But it’s still the primary one that has been used at least until recently and not just by people who want to beat Steve Jobs over the head as MJN implies.

But as experts like Crystal continually refuse to tell their readers, Jobs can’t trade his stock options. If they’re worth US$523 million, they’re worth that only to Steve Jobs [in his own personal satisfaction]. Apple employees and directors cannot transfer their stock options; they can only sell the shares themselves once the stock options are exercised. Remember that: those 27,500,000 shares are worth exactly US$0 to anyone other than Steve Jobs.

Actually, that’s not true. They’re also worth something to Apple and consequently its shareholders. And the reason experts “refuse to tell their readers that Jobs can’t trade his stock options” is probably because it seems so darned obvious.

MJN, the Macalope is left to surmise, believes Apple took the options back solely to reduce exposure and then gave Jobs an unrelated $75 million for his troubles, a number the company just pulled out of its ass*.

Their value on the “open market” is manifestly irrelevant because they could not be traded on the open market.

This is absurd. The options’ value is tied to Apple’s stock which is traded on the open market. If Apple had had to expense the options (which, ironically, is pretty much exactly what they ended up doing by allowing Jobs to trade them in for directly-owned stock), it would have valued them based on either the Black-Scholes model or the binomial model and expensed that amount.

It’s perfectly possible that Crystal botched one or both of his calculations of Jobs’ options (as MJN shows, he came up with two different numbers) or that he used different inputs for the model each time, either based on better information the second time or a desire to get it to come out closer to $75 million.

To quote Monty Python, “It’s only a model.” The results are going to vary drastically depending on the inputs (and the competency and intentions of the modeler). As for Crystal’s numbers, it’s probably best to point out that one could get those results from the Black-Scholes model and Occam’s razor being what it is…

The Macalope would fall down dead, his hooves sticking straight up in the air if he were to find that Apple didn’t derive the $75 million figure by modeling the present value of Jobs’ options in March of 2003. And he thinks it’s highly likely the company used the Black-Scholes model.

It’s an industry standard, don’t you know. Just ask Billy.

The Macalope’s only real error below is that he failed to add a qualifier such as “highly likely” to his comment that Jobs was given the present cost based on an industry-standard model.

It is theoretically possible Apple just pulled the number out of its ass. It’s just really unlikely.

* The use of “pulled the number out of its ass” in this piece is a deliberate exaggeration.

An honest options problem

Posted November 2, 2006 By The Macalope and has 10 comments.

MacJournals News (antler tip to Daring Fireball) is the latest to rush to Steve Jobs’ defense in the stock options backdating imbroglio. Responding to a post by Mark Anderson, MJN writes:

To argue now, three and a half years later, that Jobs benefited because these options were underwater by US$30 per share instead of US$32 per share doesn’t pass the laugh test.

The Macalope is normally a fan of MJN’s work and is frankly shocked that it’s missed the point here.

The present value of the options is derived by a calculation based on an expectation of their future value, not based on the current trading price. Options that are “underwater” still have a value if there is a reasonable expectation that the price of the stock will rise.

As Graef Crystal has pointed out, Jobs was given the present value for the options in March 2003 using an industry-standard means of calculation. This value is calculated based on the strike price of the options, a price that was benefitial to Jobs. He received shares valued at $75 million. If he had received a less favorable strike price – such as that on the date he received the options – he would have received less in 2003.

Crystal calculated the current value of Jobs’ windfall to be $85 million.

In comments, Anderson responds to MJN’s post:

1. Although the options were indeed underwater, the point Greif [sic] Crystal (and other Wall Street analysts) made was that they were exchanged for other instruments, and so had some inherent value that was captured. Therefore, the underwater bit is irrelevant.

2. What Steve’s sale intent is or was is completely irrelevant to the question of legality. If I broke the speed limit, why I broke it won’t help me much.

Prior to that, Anderson speculates that Jobs:

Did in fact receive tainted options.

Did in fact exercise some of them, in some way, and receive personal benefit.

Did in fact know about the backdating practice.

You know, in this list, there is probably no need for a “d,” although being involved in approval of the transaction would be a definite zinger.

The Macalope is not inclined to agree with Anderson’s probably tongue-in-cheek contention that Apple would have been better off just outright lying about its backdated option grants, but, sadly, he is inclined to suspect that Anderson is correct about Jobs.

Still, it’s important to point out that we don’t know that at this point and we may never know.

A Wall Street source of the Macalope’s believes that how this will get resolved will probably get down to the SEC’s determination of its materiality. In the case of United Health Care, another instance where a CEO was considered personally inseperable from the performance of the company, William McGuire was forced to retire after reaping hundreds of millions of dollars in backdated options. Jobs apparently benefitted in the tens of millions, which may be insufficiently egregious in the eyes of the SEC.

The source also said the SEC – depending on the outcome of its investigation – could choose to fine Apple and/or force Jobs to return some of his shares. If the SEC determines that Jobs knew about the implications of backdating his options and still personally influenced their issue to him and sought to cover it up (the worst-case scenario), the board and the shareholders would be in an interesting position: sully the image of the company by retaining an unethical CEO or force Jobs to resign and watch the value of their stock tumble.

Yeesh.

Apple will, regardless, be required to calculate the differential between the options at the backdated prices and what they should have been issued at and take it as an expense in a future quarter, reducing its profit.

If the Macalope’s source is correct, Jobs will squeak through this on materiality. Other than those who invested in the company during the term of Jobs’ option grants but have since liquidated their holdings, this seems to be the best option for shareholders, customers and, of course, Apple’s executive corps.

Addendum: Commenter “anon” at Anderson’s blog says:

Fact: stock options can be granted at *any* strike price.

Fact: backdating is legal.

Fact: options backdating has no more bearing on shareholders than does giving him a $40m jet or paying him a $1 salary.

Fact: no one has gone to jail over this.

Yes. Yes. No. Yes.

If you give an executive a $40 million jet, you expense the lease or the depreciation on that jet and it hits the books over the period of its service. Not so with a backdated option grant. The true cost of the grant is hidden from shareholders, causing them to believe the company is in a better position than it really is and causing them to overvalue the stock in their portfolio.

ADDENDUM: See the Macalope’s response to MJN’s response to this post here.

Disclaimer: the Macalope holds an insignificant number of Apple shares. This post was edited slightly to put the attribution to Graef Crystal in the right spot and then edited again as MacJournals News is actually written by an editorial staff rather than just Matt Deatherage.

Can't chew gum and walk the talk

Posted November 1, 2006 By The Macalope and has 9 comments.

H D Moore, author of the Zero-Day exploit of Apple’s 802.11b drivers in an interview with InfoWorld in July:

One reason that Metasploit has done so well is that there’s no holier-than-thou attitude.

Mmm-hmm.

The file name of the exploit?

daringphucball.rb

Uh-huh.

The Macalope suggests not getting near Mr. Moore when he’s smoking.

« Previous page

Full of sound and furry