Linked by Amjith Ramanujam on Sun 3rd Aug 2008 15:56 UTC, submitted by netpython
"Apple Inc. has pulled its security engineering team out of a planned public discussion on the company's security practices, which had been set for next week's Black Hat security conference in Las Vegas."
Thread beginning with comment 325430
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:2006-10-10
Member since:2005-07-08
I'm north american, and kinda get the baseball analogies, but you could just come out and say it.
If you're going to slam Apple....hit 'em. Don't screw around "gripping your bat".
If you're going to slam Apple....hit 'em. Don't screw around "gripping your bat".
Sorry, couldn't think of anything batter to say. ;-)
Seriously, when you're an Apple user, sometimes humor is the only response that's appropriate to the atrocious way they handle security.
Member since:2005-07-06
Forgive the baseball analogies non-North-American readers, but Apple is really batting .000 in the security department lately.
Meh, I'll do a translation. Apple maybe a great spin bowler on a good day, but when things go bad, its almost a certainty that they'll be hit for a six. They should counting themselves lucky that there are less men on the cricket ground, and the fact that the batter has his mind else where given the game is so low brow.
Member since:2005-08-10
RE[2]: Apple strikes out
by skingers6894 on Mon 4th Aug 2008 00:32
in reply to "RE: Apple strikes out"
Member since:2005-08-10
I don't mean to nitpick (far be it from me!) but since in your analogy Apple is bowling then more men on the field would be an advantage, not a disadvantage. With enough extra men on the ground you could crowd the bat and ring the boundary as well. Might make it hard to hit even the dodgiest delivery for six...
Member since:2005-11-16
"They are last at bat in the DNS patching game, and when they manage to hit the DNS bug the patch is an easy out."
Apple uses BIND for its DNS server, and a patch for BIND was indeed available but it was buggy. A performance issue was discovered on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second. So yes the official patch for BIND was and is still buggy.
I don't think that Apple would ship a buggy patch for systems in production (open source guys does yes, but well that's their decision...), even if the security threat is high. Shipping buggy code even to fill a security issue is not acceptable.
Member since:2005-07-08
"They are last at bat in the DNS patching game, and when they manage to hit the DNS bug the patch is an easy out."
Apple uses BIND for its DNS server, and a patch for BIND was indeed available but it was buggy. A performance issue was discovered on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second.
Apple uses BIND for its DNS server, and a patch for BIND was indeed available but it was buggy. A performance issue was discovered on high-traffic recursive servers, defined as those seeing a query volume of greater than 10,000/queries per second.
Sometimes you got to weigh whether the previous version, which had a serious bug, outweighs the bug in the new version, which has a less serious bug. If you wait to get rid of bugs by waiting for bug-free software, you may wait for a long time...
Also, when Apple did patch it, and they did, with the aforementioned buggy patch, they didn't even patch it properly on the client OS, which is less likely to encounter such a scenario. That in spite of documenting that they *had* patched it, like they had, belatedly, for OS X Server.
Edited 2008-08-04 06:21 UTC
News
Linked by Thom Holwerda on 05/19/13 23:15 UTC
"This is my NeXTstation Turbo Color booting the Mac System 7.1 Operating System using a hardware add-on called 'Daydream'. The Daydream has a Mac ROM and a few custom ICs in it and hooked up to the NeXTs DSP port. Turns your NeXT into a full fledged 68k powered Mac." So cool.
Linked by Thom Holwerda on 05/19/13 23:11 UTC, submitted by Drumhellar
"The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Please note that all fixes in the prior security/bugfix updates (NetBSD 6.0.1 and 6.0.2) are also in 6.1."
Linked by Thom Holwerda on 05/18/13 21:06 UTC
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy.
Linked by Thom Holwerda on 05/18/13 7:37 UTC
"In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Linked by fran on 05/18/13 1:38 UTC
Appfour added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Linked by Thom Holwerda on 05/17/13 23:35 UTC, submitted by kragil
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
Linked by MOS6510 on 05/17/13 22:22 UTC
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
Linked by Thom Holwerda on 05/17/13 22:15 UTC, submitted by Tom
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.
Linked by Thom Holwerda on 05/16/13 21:41 UTC
Glass is getting some love at Google I/O as well. New applications have been released - Facebook, Twitter, Evernote, Elle, Tumblr, and CNN. Perhaps more interesting: the newly announced Google Glass Developer Kit will allow offline applications and direct hardware access - great for hacking and expanding Glass' potential. This kit will really allow hackers to put Glass through its paces.
Linked by Thom Holwerda on 05/16/13 17:04 UTC
"But Beck and Merrill decided that simply banning toxic players wasn't an acceptable solution for their game. Riot Games began experimenting with more constructive modes of player management through a formal player behavior initiative that actually conducts controlled experiments on its player base to see what helps reduce bad behavior. The results of that initiative have been shared at a lecture at the Massachusetts Institute of Technology and on panels at the Penny Arcade Expo East and the Game Developers Conference." Absolutely fascinating stuff. I'm a League of Legends player, and to be honest, the community isn't nearly as bad as some make it out to be. I'm happy Riot games has the guts to employ science to address the issue.More News »
Sponsored Links
Member since:
2005-07-08
Forgive the baseball analogies non-North-American readers, but Apple is really batting .000 in the security department lately.
They are last at bat in the DNS patching game, and when they manage to hit the DNS bug the patch is an easy out. They make FileVault a shut-out for the hacking team thanks to their censorship, also they send their security engineers back to the bench rather than let them play for the crowd. At Apple, is nobody on at the bottom of the Ninth?
Secrecy is great for an iPod launch, it makes no sense for security. Somebody needs to teach Apple good sportsmanship before the enterprise takes their ball, and goes home.
Edited 2008-08-03 17:47 UTC