Tuesday, September 06, 2005

The sad story of Palm Desktop -- OS X version

I use Missing Sync on my OS X machine and sync my wife's Palm to Apple's (feeble) calendaring and contact applications. Even ePocrates works, thanks to the bundled AvantGo conduit. So I'm far away from Palm Desktop for OS X. Still, I think it's worth mentioning just how bad this software is.
MacInTouch: timely news and tips about the Apple Macintosh

Art McGee raised a red flag about more file-permission abuse by bad installers:

I have just examined the contents of the Palm Desktop 4.2.1 Revision C package installer, and I have come to the conclusion that either PalmOne is intentionally trying to damage our computers, or the software is a trojan horse that someone uploaded in place of the real software.

After the program files are installed, the installer runs a shell script called "postflight" that attempts to "fix" any permissions issues which may prevent the program from running properly. Unfortunately, the script violates the most basic programming principle in the universe - thou shalt not alter the files of programs other than thyself - and it does it so blatantly that I can only assume malicious intent. At the end of the script, it runs a final set of commands to change permissions (The "$2" variable is replaced at runtime by "/"):..

While any bad changes to the "/", "/Applications", or "/Library" directories can be easily fixed by repairing permissions or issuing another single command, the most OUTRAGEOUS and potentially damaging change is the last one:

sudo chmod -R 775 "$2Library/Application Support"
sudo chown -R :admin "$2Library/Application Support"

The "/Library/Application Support" directory is where many programs place critical system-wide configuration and program files that are referenced on an as-needed basis. This is a directory whose permissions should NEVER be changed or altered, lest you end up breaking many of your installed apps. In particular, all sorts of system-level programs such as Anti-Virus and Disk Utilities place parts of themselves there, and any changes to their permissions will prevent them from loading at boot time. Even more dangerous, some programs place symbolic links from that directory to "/System/Library", and running a chmod command that recursively drills down that directory could end up completely trashing your entire system...
Art is apoplectic, but those who've followed Palm's swan dive into misery [1] know that that their "doers and visionaries" abandoned ship long ago. They're running on fumes now.

Things are no better on the XP platform. It's been about 5 years since Microsoft implemented a user-specific security model, and Palm still expects all conduits to be shared and all user accounts to be in a single directory.

Palm is a dead company. Shame.

[1] Matched only by Intuit, which lately claims it will fix US healthcare. Perhaps they follow the philosophy of bringing on the apocalypse to accelerate change.

No comments: