An History of CLIX


OS X is a Unix based platform. As interest in the platform grew, so also did the interest in providing simple GUI wrappers for rather obvious and common Unix tools the Unix community were familiar with but newcomers to OS X had never seen.

These GUI wrappers would invariably embed AppleScript code inside template Cocoa code which would in turn invoke simple Unix commands from behind the scenes. The newcomer would be unaware of any of this.

These wrappers also represented a real danger, as when needed they would supply an administrator pass phrase on the command line in full view of interlopers and rogue software. Authors of these products knew of this danger for years but said nothing, preferring to milk the market while they could.

Some even went so far as to store the pass phrase in plain text in a preference file, fully accessible to interlopers and rogue software. And although 'black hats' knew of these security holes, ordinary users knew nothing.

This type of product cannot be classified as 'software' as it isn't performing any task the user cannot already perform. Worse, in its attempts to obfuscate the truth of what is going on, significant disk space is wasted and the user is put at risk.

Some of these 'wrappers' were free; others were not; still others started free but pulled the good old 'bait and switch', and surreptitiously introduced time limited upgrades, overwriting previous free and unlimited versions.

Knowledge of this character should be free, and so CLIX was born to counteract the growing number of 'wrappers' in the OS X software market.

The creators of these 'wrappers' have also been called 'the wizards of OS X' in deference to the 'Wizard of OZ' who was no more than a trickster hiding behind a curtain.

[The latest, seen only this week and submitted as freeware by a PhD, was an entire megabyte to download and all it did - except it didn't tell you - was rename the file of your choosing with a dot ('.') in front of it. Never attribute to malice that which can be explained by an AppleScript Cocoa wrapper.]

The Key to CLIX

The key to CLIX is that it's not limited: you're not bound by a GUI imposed on you by a software vendor. You can make your own commands do what you want.

CLIX is constructed as a highly secure Cocoa document based application that reads 'CLIX' files and runs commands found in them.

Just as with a text editor, you are able to create new files and modify existing ones. CLIX is not a self-enclosed tutorial system: if you launch the program with no CLIX file specified (double-clicked) then yes, you get an empty CLIX window as you'd get an empty TextEdit window under the same circumstances.

Wondering why there's 'nothing there' is tantamount to launching TextEdit and saying 'but where's the text'.

CLIX creates and edits CLIX command files and runs the commands found in the files you create or open.

The Basic Layout

For your convenience CLIX has four columns of data in its windows: Title, Category, Description, and Command Line.

The first three fields are arbitrary: you're able to put whatever you want there to enable you to better organise things.

The Command Line field is the actual Unix command you will run. This field is of course not arbitrary in the same sense.

You don't need to save a command or save a CLIX file to run a command: just click the 'Run' button at any time. Conversely running a command does not save it: the two are not interrelated.

CLIX isn't an interactive console: some Unix commands expect further input or they grab control of the console window (Terminal.app's window). These command are not applicable for CLIX.

Put another (more technical) way, CLIX is a way to run 'batch commands' - no further user interaction required.

The overwhelming majority of UNIX commands fortunately fall into this category and the 'GUI wrapper' applications out there are not going to give you this interaction anyway: they too are essentially 'batch command' utilities.

Discovering CLIX

The way to discover CLIX is through discovering the included CLIX command files.

The initial idea was not to provide such a wealth of information: it was assumed the astute user would collate this independently. But as time went on CLIX users contributed with hundreds of commands (and command files) of their own.

Discovering OS X Defaults

Some of the domain of CLIX is about ordinary OS X 'desktop' maintenance that uses the 'defaults' command of NeXTSTEP extensively. This command is an easy way to set preferences for applications and the operating system itself.

These 'defaults' commands are smattered about the current CLIX file collection. You can easily find them by sorting by the Command Line field and searching / scrolling for them.

Discovering the BSD Subsystem

OS X comes with an extensive BSD subsystem of nearly 1,000 Unix programs and several thousand more helper files. You'll find mention of these in the 'misc', 'network', and 'system' CLIX files.

Hardening Your Subsystem

In the wake of Opener and Oompa Loompa it's more important than ever to harden your system against these easy exploits - and similar ones in the future. As the author of Opener told Rixstep, the hole that made Opener possible wasn't a hole - it was a crater.

CLIX comes with the special command file 'library.clix' which contains most of the commands you'll need to run.

And give the file 'security.clix' a peek at your earliest convenience.

CLIX Help

CLIX comes with its own help system but it also comes with a sophisticated Unix documentation system. This system can manifest itself in one of two ways.

By default CLIX will show the Unix documentation for commands in its own output window. The text and background colours are configured separately for this feature.

If you click the absolute lower left area of the CLIX command sheet you will see the entry field appear. Type in the name of your command and hit Enter. The Unix documentation for the command will appear in the window.

You can also option-double-click a word in the Command Line field: this will in turn invoke the search field mentioned above and render the Unix documentation as before.

Unix documentation also comes with a special 'apropos' feature: using this feature you can get all possible references to your search word.

You can use both the entry field in the CLIX command sheet and a double-click to get even 'apropos information': in the command sheet you preface your search word with '-k ' [note the space on the end] and you can cmd-double-click a word in the Command Line field to do the same thing.

CLIX & ManOpen

ManOpen is a free utility first developed for the NeXTSTEP platform and subsequently ported to modern OS X. It's a graphical interface on the Unix documentation. If you install ManOpen on your computer and instruct CLIX to use this utility, a separate window will pop up instead.

The CLIX command collection comes with a file called '_mo.clix' which should explain everything.

Get your free copy of ManOpen at the URL below.

http://clindberg.org/projects/ManOpen.html

CLIX & Security

A special word is necessary on the high level of security in CLIX. Anytime an application gains access to your administrator account pass phrase you may be at risk. A great many 'GUI wrapper' products treated this matter carelessly. Interlopers and rogue software could conduct 'data mining' and cull these pass phrases.

It's also important to never leave an authenticated program or system unguarded. Apple computers can go to sleep, and when waking can take considerable time to get around to updating sensitive system information.

The system modules controlling privilege escalation do not work on a kernel or driver level. They often rely on the system being able to tell them how much time has elapsed since last you invoked a command requiring authentication.

Because of all of this and more, CLIX is especially careful not to let interlopers or rogue software near your privilege escalation. Your pass phrase is never stored on disk and should your computer go to sleep, all vestiges of this pass phrase will be wiped from memory.

Further, any open Terminal.app console windows will also lose their authentication.

Finally, CLIX ends every command execution by 'killing' your authentication time stamp so no one can 'piggyback' on your session.

All things considered it's actually safer to run CLIX than to run Terminal.app.


CLIX
'Learn to Fish'
http://rixstep.com/clix

Copyright © Rixstep. All rights reserved.