Mac OS X … Blessing or Curse?

These days my preferred desktop machine at home is my Power Mac G5. The machine is reasonably fast, very silent (or at least less noisy than the other machines) and runs Mac OS X.

And using Mac OS X on your desktop computer is nice:

  1. The user interface is easy to use, consistent (unless you use X11 applications), looks nice (a matter of taste of course) and is very fast despite the eye candy.
  2. Features like 3D acceleration (even for X11 applications) and dual head mode work out of the box without any tinkering.
  3. Mac OS X comes with most of the necessary multimeda bits and pieces to deal with today’s Internet (e.g. Macromedia Flash, Java and QuickTime). More stuff (e.g. Windows Media support, RealPlayer) is available as easy-to-install downloads.
  4. If iLife 06 is installed on your computer Mac OS X can store, manage and edit all your photos and videos created with your digital camera or camcorder.
  5. Watching a DVD works out of the box. Creating a video DVD is very easy thanks to applications like Roxio Toast Titanium.
  6. Connecting my father in law’s scanner-printer-combination went smoothly. The necessary drivers were on a CD-ROM comming with the printer. It took only a few mouse clicks to install them. Afterwards all the features of the printer including the scan button on the front worked without problems.
  7. And beneath the shiny surface there’s a real UNIX like operating system. All you need to do is launch the terminal application and you’ll get a shell prompt.

But not all is well in Mac OS X land:

  1. The basic security approach in Mac OS X is reasonable: users don’t use an adminstrator account (in UNIX terminology: you don’t login as root). If an operation requires administrator privileges Mac OS X asks for an administrator’s account and password first.
    But unfortunately Apple went to far too keep things nice and simple. They often forget security implications when adding new features.
    After installing Mac OS X you get automatically logged in. You have to change the configuration to enforce a login with account name and password. Another prime example is the default behaviour of the browser Safari. As soon as it has finished downloading a disk image (a file with a Mac OS X filesystem in it) it mounts the image automatically. And that can cause bad things including a kernel panic if the filesystem in the disk image is corrupted. A user which is a member of the administrator group is also allowed to change a lot of system settings by default which could compromise the system’s security. Fortunately you can (and should) tighten security by turning off all these features.
    Besides having an insecure default configuration Mac OS X also suffers from a lot of security problems caused by avoidable bugs. There was (before the last security update) a setuid shell scripts (bad idea) which used the user supplied command search path (you’re out).
  2. Integrating Mac OS X into a network seems easy. And managing your basic network configuration is pretty easy. Ad hoc access to a file server via CIFS is also well supported including a graphical network browser.
    But if you need a more sophisticated setup things become difficult. Something as simple as a static NFS mount is actually tricky. Performance of CIFS and NFS over TCP is very bad by default until you find the magic knob to tune the TCP performance. Certain features (e.g. remote desktop access) just don’t work for accounts managed by a network directory service (e.g. NIS).
  3. Mac OS X is also cranky from time to time. Something stops working and it is really hard to figure out why.
    Yesterday the installation of the Cisco VPN client would just not start on my wife’s PowerBook G4. She had to log out and log in again to make it work.
    My personal archenemy in Mac OS X is lookupd. Besides causing NIS problems it hung my Mac at least twice when Firefox tried to lookup an unresolvable hostname.

Does this mean that Mac OS X is just another Windows? I would actually argue that Windows is a bad Mac OS X imitation. A lot of the new features in Windows Vista are already available in Mac OS X Tiger or even older versions. And while the security problems in Mac OS X can be solved by a more restrictive default configuration and better quality assurance Windows still has fundamental problems.

Despite the present problems I’m still enjoying the blessing of Mac OS X … and curse it occasionally.