

Mistakes happen, not fixing them hurts !
Authored by: voldenuit on May 19, '04 08:04:57PM

First of all, I am extremely disappointed that Apple has happily ignored this problem for two months.
I might be mistaken, but I feel it is strikingly stupid in the first place to have anything such as HelpViewer at all, let alone with the ability to remotely start scripts (even if it is done in arcane ways, it just works). Why not use Safari instead of re-inventing the wheel (which turns out to be square)?

One could either have a HelpViewer app that can run scripts but cannot be called more or less directly and without warning by visiting hostile websites, or drop that ability entirely and use Safari directly.

The people to whom I have been explaining how vastly more intelligent Apple's security concept was, and how well conceived and thought out OS X was, compared to competing OSs and browsers with more market share that are riddled with security issues on a daily basis, are laughing at me now, and unfortunately they have valid reasons to do so!

I could reluctantly admit that even the brilliant crowd at Apple might not have been able to figure out on their own the evil chaining of tricks that needs to be done to make the exploit work, but they should have fixed it within less than 48 hours after they got the exploit's proof-of-concept, even if it slightly breaks some of the more esoteric help functionalities.

Pretty much like Rob, I am equally disgusted by the dumbness of the news reports about the "worm" stories, Apple's stupid original runscript design, and the persistent failure to assess the importance of the bug report and to issue a quick fix.

Bugs slip through, but failure to fix them as soon as they expose themselves is a Really Very Bad Thing(tm).

One more thing:
It is harder work to code with the boring carefulness that reasonable security requires than to add half-baked "visionary" new features as if there were no tomorrow. While they have got more and more onto the RFC and open-standards track, there is still quite some Apple arrogance of the Elder Days that survives, assuming that the brilliance of the idea and the slickness of the GUI compensate for poor realisation.
Unix is a harsh mistress. Coding watertight and bulletproof solutions obeys rules that exist for everyone; reality-distortion fields won't cut it.


