Archive for August, 2007

My Summer At Apple

Wednesday, August 29th, 2007

Three months ago, I posted about my experience with some of the most exciting tech companies that I had a chance to interview with and explained my decision behind joining Apple. This week, my internship comes to a close, and it’s time to review that decision and share with you my intern experience at Apple.

No amount of past experience and stories could’ve prepared me for the amazing time I had at Apple and I think I made one of the wisest decisions in my career this summer. My internship position at Apple was part of the Core OS group, which is mainly responsible for Mac OS X. However, this wasn’t just any Core OS internship — my job was at the forefront of Apple’s most anticipated product in decades — the iPhone.

When Steve Jobs announced that the iPhone would be running OS X, many people had doubts at first, since OS X had never been talked about in the embedded market. But clearly, the phone is indeed running the OS, and most of the Core frameworks and foundations that developers were used to seeing on the desktop are on the phone. Several teams at Apple were responsible for this, and none more critical then the Core OS Embedded Team, which I worked on. Although the specifics of my job and others around me is not something I can disclose, it’s needless to say that I worked with some of the brightest engineers at Apple, who took an x86 Desktop OS and turned it into a powerful embedded OS (everyone now knows that the iPhone is running on ARM) that still supported the same applications and frameworks as its counterpart.

As a Windows NT kernel expert and Intel x86 assembly guru and reverse engineer on a Dell laptop, the task of working with Darwin for ARM on a Mac Pro was new to me on all possible levels. And yet, I was able to succesfully leverage my knowledge of OS and kernel design, my attention to small details and interest in hardware-to-software relationships to surpass the goals of my internship, and pleasently surpise all levels of management as well as my co-workers. But how about the Apple internship experience?

Interns at Apple get some great benefits that other companies don’t always bother with, including a health care plan, relocation assistance (paid round-trip airfare) as well as a monthly housing stipend. My expenses this summer were minimal thanks to the care Apple makes into releaving interns of some typical moving-related stress. One of the coolest things about being an intern however, is the chance to attend Executive Speaker Series, which are weekly lunchtime events in which one of Apple’s senior executive staff comes to talk and interact with interns. The first one, was of course Steve Jobs himself. It’s not just for show either — one of the interns got up and asked Steve how he can get his idea across to an executive. Steve smiled and replied: “Go ahead.” In total, I think there must’ve been about 12 different speakers this year.

On the topic of selling ideas to executives, nothing works better then the iContest, in which teams of interns submit a feature or product design idea, improvement, or business plan for various judges to evaluate (made up of senior staff at Apple). The top 10 teams get to compete face-to-face, with a presentation to the judges (and other interns) followed by a harsh question and answer period in which the judges grill and roast the interns. What may make business sense to a 21 year old may sound like a bad idea to someone with 40 years of market experience, and they won’t be shy to let that be known. In the end, the comments are constructive, and like in any competition, the best ideas are usually scrutinized the most. The top three teams of this competition win a variety of prizes/awards, and most get their feature or idea implemented or marketed, so the contest results and presentations are some of the most confidential pieces of information an intern has to live with. My iContest idea was among the top ten chosen for the finale, and while we unfortunately did not win any of the top three prizes, I’m confident we came very close.

Talking and interacting with the senior staff doesn’t end there for interns. After about 8-10 weeks at Apple, interns in each group give a presentation to the VP of their division, as well as to the managers of other interns in that group. These presentations are usually very important to a succesfull internship program, since the quality of the intern usually reflects on their manager. This is another competitive event, as the managers get to vote on each presentation, and the top intern of each group gets to present to the Senior VP or President of the division, usually a member of the executive staff. My presentation to the VP/managers was chosen as the best and most interesting one, so I was invited to present to Bertrand Serlet, the Vice President of Software Engineering at Apple. Unfortunately, I had to attend Blackhat that week, so I gave my place to the second best intern. It’s worthwhile to mention that all interns had amazing presentations, and they all put hard work into their summer.

But Apple isn’t all about work and competing with other interns. Field trips and excursions, the food harvest, parties and welcome/goodbye dinners were some of the other fun activities offered to interns, who also got to attend WWDC 2007’s party for free. And of course, one can’t forget the corporate games, in which teams compete in a variety of games, from serious sports to water games and tug of war. Every day of the week, interns on the mailing list arranged various activities, from volleyball to movie and poker nights. Finally, interns had access to all the perks regular Apple employees have, including foosball and other game rooms, a sports court, the health and fitness center, as well as campus shuttles to the Caltrain station (with Wifi, of course!).

Even though the work environment at Apple is relaxed and flexible, I had to work hard, but the rewards and results were worth all the effort. The team I worked on (and the entire company) did a great job on the iPhone, and the future for Apple continues to be exciting and new innovations are always on the way. There are few more rewarding experiences than walking into an Apple Store and seeing people of all ages gaze in awe at our products. One day, those same people will be looking at a product, feature or device that I participated on, and I’ll smile back at them, knowing I had a hand in getting it on that shelf.

All in all, I’m defintely looking forward to returning to Cupertino once more.

To find more about the internship program at Apple, visit the official site here. Please don’t ask any questions outside the scope of what is mentionned on that page; there are even more exciting things going on at Apple, but you’ll have to come work here to find out!

Purple Pill: What Happened

Thursday, August 9th, 2007

Two weeks ago, I posted and published about a tool I wrote called Purple Pill, which used a bug in the ATI Vista x64 Video Driver to allow unsigned drivers to load. Within an hour, I pulled off the tool and the post, on my own accord, due to the fact I discovered ATI was not made aware of this particular flaw, and I wanted to follow responsible disclosure and allow ATI to fix their driver.

This flaw was especially severe, as it could be used for other purposes — including allowing a guest user access to a SYSTEM token, if the user was using a computer with an ATI Video Card. Therefore, it could have significant security implications beyond my original goal of bypassing Driver Signing on 64-bit Vista. On systems without the driver, administrative privileges would be required for any kind of attack. I originally thought this flaw had been reported to ATI since it was disclosed publically at Blackhat — something that’s usually only done once the presenter has notified the company. In this case, it seems this was not done, and I made an incorrect assumption. I should’ve checked the status of the flaw on my own, before posting the tool and I apologize for not having done so.

As for the act of bypassing driver signing, while I still disagree with Microsoft’s policy of not allowing users to set a permanent policy to explicitly allow this (at their own risk, perhaps even voiding support/warranty options), I have come to realize that attacking this policy isn’t the way to go. Microsoft has decided that Code Integrity is a new part of their security model and it’s not about to go away. Using kernel bugs to subvert it means that these measures would eventually be fixed, while exploiting 3rd party drivers potentially allows malware to figure out how to do this as well, and use the 3rd party driver maliciously. It is also a method that can be protected against, since Vista does have the ability to do per-driver blocking, and once the 3rd party vendor has upgraded all the customers, the older driver can be killed (or even shimmed against, since various kernel infrastructure in Vista allows for this kind of real-time patching).

I am currently exploring other avenues for allowing open source drivers to function on 64-bit Vista without requiring developers to pay for a certificate and deal with the  code signing authorities, while still respecting Vista’s KMCS policy, and continuing to protect against malicious drivers using such a method for their own gain. It is my hope to find a solution which will both please Microsoft and the KMCS policy, as well as make life easy for open source developers (and other non-commercial hobbyists) which for whatever reason don’t want to, or cannot, pay for a certificate.