Culture

More on Leopard security

David Maynor responds to the Macalope

David Maynor responds to the Macalope's post below.

To start with, lets [sic] settle that dydl isn't a library so Apple's ASLR implementation is just peachy thread in his comments section.

That's a misreading or misrepresentation of the discussion in the comments section. The point was whether or not, as Maynor said, Apple lied about its implementation of ASLR. The Macalope's seen no evidence they lied about it. He's not happy with the way it's portrayed in the Leopard materials, but it's not a lie.

But contrary to Maynor's contention, the Macalope and even the commenter in the post below are not arguing that Apple's implementation of ASLR is "just peachy". It's not. It's better than no implementation of ASLR, but not much.

If somebody says Microsoft did something right they must be bribed.

OK, fine. The Macalope doesn't know the particulars of Maynor's relationship with Microsoft. But the company has pretty much plied everyone on the planet with free drink and food (that was the extent of the brown and furry one's insinuation, not that any cash passed hands) at some point, so that was not much of a stretch. The Macalope himself fondly remembers a free lobster shindig he attended in Boston some years ago sponsored by the great Satan from the Pacific Northwest.

Did the mythical beast with a head shaped like a classic Macintosh partake of Bill Gates' forbidden seafood temptation?

Hell, yes. As a matter of fact, he not only ate the two lobsters that were his due, he ate another one off the plate of a friend.

For a ruminant from the high mountain plains, the Macalope sure loves him some lobster.

But frankly -- and the horny one actually had a sentence about this in the previous post that he edited out for brevity -- despite the ethical concerns, he wishes Apple played this game better. A few cozy keggers with people in the security biz couldn't hurt.

Sorry, that's not the case...

You've never been to a Microsoft-sponsored shindig? Really? You should get out more. There's probably one just down the block from you going on right now.

... I just think some simple things they have done will increase the overall reliability and safety of their applications.

It's true. After forcing their customers to become experts in repeatedly reinstalling the company's operating system to get rid of malware (the Macalope knows people who brag about how fast they can get their XP systems up and running again), Microsoft has made an operating system that is more secure.

Which has not yet achieved wide-spread adoption.

And this is the problem. In some perfect sphere of Platonic logic somewhere, Windows users have a more secure operating system experience. Here in reality, however, it's still Mac users.

For now.

You see Apple's problem in security is not the technology. OSX has a great pedigree with its FreeBSD ties and all these problems previously mentioned are fixable. The problem I see with OS is Apple. Unless I am mistaken the Apple Security team if 4-5 people, or at least it was last year at this time. That is like having one police officer patrol New York City, its ridiculous.

But Apple doesn't live in New York City, David. It lives in Newton Massachusetts. Yes, there have been a few break ins and people are concerned that the place could get turned into Flint Michigan some day if Apple's not careful, but today that's not the case.

A commenter in Maynor's thread notes that there are at least 7 people on Apple's security team. The Macalope has no idea how many people is enough, but he likes Maynor's suggestion that Apple appoint a chief security officer, because the Leopard implementation of several items -- particularly turning off the firewall -- reeks of security just not being anyone's responsibility there.