Saturday, March 20, 2010

TUAW & Muckraking, Charles Miller & Apple, Crapware & a Bag o' Chips

TUAW is always a head smack in the morning along with my coffee. Go ahead and skim 20 zero-day security holes in Mac OS X to be revealed and revel in the circus of FUD that is TUAW and their bloggahs. So, duh, I comment:

*sigh* Here we go again. Look, here's the deal. NO software is perfect, and any piece of software, whether it's made by $APPL, $MSFT or even $GOOG or $ADBE is filled with 100s of minor bugs and even a few major ones even at ship. That's the nature of the sausage factory.

1/ Charles, like every other security wonk out there, is out to make a name for himself. One of the ways that you do this is to pick a fight. With someone bigger. So, Apple. He's considered a 'personality' (read: a jerk) but being ex-NSA, he can back it up.

2/ Apple (and other vendors) know about CanSecWest and DefCon, and... and they normally drop updates. Charles may have found 20 bugs, but he'll have to contend with the updates as well as justifications for what he found, because normally what these wonks (like Charles) find are 'edge cases', as in, the hacker would have to have physical access to your Mac to execute these on Safari, etc. My reaction is: 'What, he only found 20??'

To say ' There's no question about it, Apple should have caught these holes in the first place..' is irresponsible. Nice hack job there, TUAW.bloggah. You're muckraking like everyone else who picked up the story.

If these holes are edge cases or the fact that 'nobody's perfect' you have to acknowledge some things: Again, people --who make and test software --aren't robots with perfect information, and also: The world needs jerks like 'brainy cunts' like Charles Miller to keep Apple on their toes. (the "brainy cunt" post got deleted, hah. -DE).

The real story will come AFTER CanSecWest. Let's find out what's real and what's 'claim chowder' from Charlie Miller.

[From 20 zero-day security holes in Mac OS X to be revealed]

The thing is all software companies KNOW THIS and there's a 'code of silence' of sorts about picking on each other's security unless, as a vendor they're a major liability to the other --like Apple NOT letting Flash on the iPhone and when Adobe complains about it calling them 'lazy'.

One thing that's going around the industry is how 'evil' Apple's becoming. What a load of bunk. On the iPhone, their crown jewel, as pervasive as Windows of is on PC-- they are judge, jury, and system administrator. I say GOOD. I don't want crap on my iPhone, and I don't want Apple wiping vendor ass, including updates for buggy software they have no control over. Apple vetting software on the iPhone is far better than what MSFT did on Windows letting any old crapware on. Apple saying NO is a good thing in this case.

The other thing is how little Apple (and Google) seem to offshore their staff compared to other companies in the same industry --and how those two companies are really innovating compared to the ones that are up to their ears in Indian and Chinese offshore 'assets'. At this point Google is the only 'worthy competitor' to keep Apple on their toes, and again, I think Apple is tired of wiping the asses of the less-than-worthy.

Make no mistake. Charles Miller acting like a jerk to Apple is a GOOD thing. It keeps Apple on their toes and will keep them from turning into Microsoft. But it also, in a small way shapes how tolerant Apple is about crapware on their platforms and how much bullshit they'll take FROM-- and are willing to take FOR-- other software companies who not only cannot innovate but don't currently have the depth to.

But I'm just an Apple fanboy, right? In the morning...

Drunky out.

"Beautiful Security: Leading Security Experts Explain How They Think" (O'Reilly Media)

No comments: