Linked by Eugenia Loli on Thu 26th Jan 2006 02:52 UTC
Mac OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple's increasingly popular platform.
Thread beginning with comment 89798
wtf?
by mikehearn on Thu 26th Jan 2006 19:58 UTC
mikehearn Member since:
2005-12-31

So here we have an interesting thing

1) A security expert, who works on finding exploits, finds and reports many exploits in a short space of time. From this he concludes that Apple's security is poor. I fail to see how this deduction can be logically challenged.

Immediately people who wouldn't know logic if it smacked them in the face decide to launch ad hominem attacks. The article must be crap, because he also writes tools to help companies write more secure code. The thinking seems to be: we shall not let minor details like "facts" bother us, we have shown that the author is not a 100% disinterested observer, therefore his argument must be wrong.

Other people choose to attack his assertion that Apple don't use code analysis tools, unlike Microsoft, who do. Microsoft's use of static code analysis programs developed by MS Research is well documented; these can locate potential bugs in programs quite nicely. Apple clearly cannot use them, because if they did they'd already know about many of the vulnerabilities reported and would (you'd hope!) have fixed them given their seriousness.

Nonetheless, apparently making more logical deductions from the evidence available and some simple axioms (like "Apple fix security bugs they know about"), is frowned upon here.

2) Rayiner, who has actually read the code and knows what the hell he is talking about, tells it like it is, and people who clearly know crap all about operating systems (since when do syscalls run in userspace? isn't that impossible by definition?) throw random bits of marketing fluff around as a "rebuttal".

Ye gods.

Reply Score: 5

RE: wtf?
by alcibiades on Thu 26th Jan 2006 20:56 in reply to "wtf?"
alcibiades Member since:
2005-10-12

Very well put!

Reply Parent Score: 1

RE: wtf?
by mikehearn on Fri 27th Jan 2006 01:21 in reply to "wtf?"
mikehearn Member since:
2005-12-31

Oh, one thing I forgot to mention originally, fat binaries are IIRC not a feature of Mach-O specifically, rather they're a feature of the bundles system. You could easily implement fat binaries with ELF or PE, and in fact the ROX Desktop guys have done exactly that. I'm not entirely sure why they use Mach-O, it's not very good, but I suspect it's one of those bits that got pulled across in the NeXT code import and never got cleaned up.

Reply Parent Score: 1
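The fat (universal) binary layout mikehearn's last comment refers to, as an added example that is not from the thread or from Apple: a small Python parser of the fat header and its architecture table, with the bounds checks a loader or scanner needs before trusting any offset, since every field in that table is attacker-controlled data. Field layout and the FAT_MAGIC / CPU_TYPE_* values follow Apple's <mach-o/fat.h> and <mach/machine.h>; build_sample() is a constructed two-slice container whose slices are dummy bytes, not real Mach-O images.

```python
import struct

# Layout from <mach-o/fat.h>: every field is a big-endian 32-bit integer.
FAT_MAGIC = 0xCAFEBABE
FAT_HEADER = struct.Struct(">II")     # magic, nfat_arch
FAT_ARCH = struct.Struct(">iiIII")    # cputype, cpusubtype, offset, size, align

# A few CPU_TYPE_* values; anything else is reported as a hex number.
CPU_TYPE_NAMES = {7: "x86", 18: "powerpc", 0x01000007: "x86_64", 0x0100000C: "arm64"}


def parse_fat_header(data: bytes) -> list:
    """Return one dict per architecture slice listed in the fat header.

    Each offset/size pair is checked against the container length before it is
    reported, so a crafted header cannot steer a caller past the buffer.
    """
    if len(data) < FAT_HEADER.size:
        raise ValueError("too short for fat_header")
    magic, nfat_arch = FAT_HEADER.unpack_from(data, 0)
    if magic != FAT_MAGIC:
        raise ValueError(f"not a fat binary (magic 0x{magic:08x})")
    table_end = FAT_HEADER.size + nfat_arch * FAT_ARCH.size
    if table_end > len(data):
        raise ValueError(f"fat_arch table claims {nfat_arch} entries but is truncated")
    archs = []
    for i in range(nfat_arch):
        cputype, cpusubtype, offset, size, align = FAT_ARCH.unpack_from(
            data, FAT_HEADER.size + i * FAT_ARCH.size)
        # A slice must not overlap the table and must end inside the container.
        if offset < table_end or offset + size > len(data):
            raise ValueError(f"slice {i} ({offset}+{size}) lies outside the container")
        archs.append({"cpu": CPU_TYPE_NAMES.get(cputype, hex(cputype)),
                      "cpusubtype": cpusubtype, "offset": offset,
                      "size": size, "align": align})
    return archs


def is_malformed(data: bytes) -> bool:
    """True when parse_fat_header rejects the input."""
    try:
        parse_fat_header(data)
        return False
    except ValueError:
        return True


def build_sample() -> bytes:
    """Constructed two-slice container (not a real Apple binary): the slices
    are dummy 16-byte payloads rather than Mach-O images, which is enough to
    show the header and table layout."""
    slices = [(18, 0, b"PPC-SLICE-DUMMY!"), (7, 3, b"X86-SLICE-DUMMY!")]
    table_end = FAT_HEADER.size + len(slices) * FAT_ARCH.size
    header = FAT_HEADER.pack(FAT_MAGIC, len(slices))
    table, body, offset = b"", b"", table_end
    for cputype, cpusubtype, payload in slices:
        table += FAT_ARCH.pack(cputype, cpusubtype, offset, len(payload), 0)
        body += payload
        offset += len(payload)
    return header + table + body


def corrupt_slice_size(data: bytes, index: int, size: int) -> bytes:
    """Return a copy of data with slice `index`'s size field overwritten
    (the size field sits 12 bytes into each 20-byte fat_arch entry)."""
    out = bytearray(data)
    struct.pack_into(">I", out, FAT_HEADER.size + index * FAT_ARCH.size + 12, size)
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample()
    for arch in parse_fat_header(sample):
        print(arch)
    # A size field that runs past the end of the file is rejected, not read.
    print("rejected oversize slice:", is_malformed(corrupt_slice_size(sample, 0, 0x7FFFFFFF)))
```

The rejection path is the point of the example: a fat_arch entry is just five integers, and a parser that hands `offset` and `size` to a reader without comparing them to the container length turns a malformed download into an out-of-bounds read.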