DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Old 01-04-2007, 03:06 AM   #1
iamback
Member
 
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default Security project focuses on Apple

From the BBC news site:
Quote:
Two security researchers are spending the next month publicising bugs in Apple's OS X operating system and programs that run on it.

The plan is to only publicise flaws that have never been found before.
Read the full article (Thursday, 4 January 2007).

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
Old 01-04-2007, 05:37 AM   #2
dthomsen8
Member
 
 
Join Date: Aug 2005
Location: Philadelphia, PA 19130
Posts: 2,158
Default Apple Security Project

Why do these two men go about getting security holes in the Apple operating system fixed by revealing them to the world? Is Apple deaf to bug reports to them? We should await an official response from Apple, but I wonder why they take this approach. It may be that they simply have more fun and publicity by this approach. It won't affect me, I have never used Apple computers.

Microsoft gives a lot of rhetorical service to security, but I have my doubts about how responsive they actually are. With the release of Vista, their efforts on Windows XP security holes are bound to decline.
Old 01-12-2007, 12:46 PM   #3
groucho
Staff
 
Join Date: Oct 2004
Posts: 490
Default

"Microsoft gives a lot of rhetorical service to security, but I have my doubts about how responsive they actually are. With the release of Vista, their efforts on Windows XP security holes are bound to decline."
On the contrary, anyone who has watched MS over the years will be able to tell you how their attitude changed a couple of years ago, perhaps with the appointment of Steve Ballmer. Among other things, he shut down *all* programming on *all* projects for nearly two months while all programmers were given security training and taught how to be proactive about security in their coding.
And while MS hasn't commented on all the reasons for the Vista delay, there was some major rewriting which may have been due to security issues found in the first beta cycle. Vista itself, and IE7, are designed with different core code in order to address security issues, but there is no reason to think these are "the end" of the concern. MS was roundly--and deservedly--pounded for failing to address security issues and there's no reason to think the new edict, that products must be secure, will go away.

Of course, no mass-market OS will ever be secure, because then the mass market customers complain that they have to LEARN TOO MUCH to control it. As Walt Kelly said, "We have met the enemy, and he is us."

If all ISPs did what Comcast started doing (2? years ago), we'd all be more secure. Let a zombie take over your computer, and you're cut off, banned from the service for life. Experience that once or twice when there are only one or two broadband providers in your area...and either you learn basic security, or you're no longer a threat to anyone else, because you're essentially off the web.
Old 01-12-2007, 02:51 PM   #4
dthomsen8
Member
 
 
Join Date: Aug 2005
Location: Philadelphia, PA 19130
Posts: 2,158
Default Comcast Customer

Quote:
Originally Posted by groucho View Post
If all ISPs did what Comcast started doing (2? years ago), we'd all be more secure. Let a zombie take over your computer, and you're cut off, banned from the service for life. Experience that once or twice when there are only one or two broadband providers in your area...and either you learn basic security, or you're no longer a threat to anyone else, because you're essentially off the web.
Comcast makes their system secure by banning insecure customers? Don't they have some responsibility, too? I am a Comcast customer, and I haven't heard of this policy, but then, I haven't read all their fine print recently, either.
Old 01-12-2007, 03:11 PM   #5
iamback
Member
 
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by dthomsen8 View Post
Comcast makes their system secure by banning insecure customers? Don't they have some responsibility, too?
Sounds to me they are actually taking their responsibility - one insecure PC that has been taken over and is now a zombie on their network is a threat to many more. And how do you propose an ISP would prevent a customer's computer being taken over?

   
Old 01-12-2007, 07:33 PM   #6
groucho
Staff
 
Join Date: Oct 2004
Posts: 490
Default

I am fairly sure it is Comcast, if not then it is still one of the larger ISPs on the east coast and I've misremembered which one. The policy made news when it was announced, at least in trade circles.

They are not doing this to make their system secure. They are basically saying that if you are a drunk driver, or if you let a drunk driver use your car, they don't care who the drunk is or how they got your car--but your 'car' is going to be off their highway.

It puts the responsibility for your computer right where it belongs--on you.

Since a number of ISPs in the US and EU have reported spam, largely from zombies, is now accounting for a full 50% of all their traffic, yes, I think they are brave for leading by example instead of saying "Well, there's nothing anyone can do about it."

Can't take care of your children? Someone takes them away.

Can't take care of your dog? Someone takes it away.

Can't take care of your car? Someone takes it away.

Same thing for the computer, works fine for me. It isn't hard to keep zombies out, or to see when they are working. Most people just don't give a damn about anyone else and can't be bothered reading their own instruction manuals.
Old 01-13-2007, 02:41 PM   #7
Molly/CA
Member
 
 
Join Date: Jan 2005
Location: Central California
Posts: 235
Default

Quote:
Among other things, he shut down *all* programming on *all* projects for nearly two months while all programmers were given security training and taught how to be proactive about security in their coding.
Then how come every time I visit the update center (or forget to turn autonotification off after I do) there are a fistful of 'critical' updates I'm supposed to download?
Old 01-14-2007, 01:12 AM   #8
iamback
Member
 
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by Molly/CA View Post
Then how come every time I visit the update center (or forget to turn autonotification off after I do) there are a fistful of 'critical' updates I'm supposed to download?
Because at least most of the critical updates are for code that was written many years ago - when security was not in the minds of the designers and programmers (but functionality was). Consider all the critical updates for Windows 2000, for instance - the development of which started around 1997 or 1998. It's only with Vista (and IE7) that a lot of old code has been ripped out and really replaced - exactly for security's sake; and it's only now that sometimes functionality (or ease of use) is allowed to be reduced for security's sake. XP made a small step on this road, but retained much of the old code; Vista is much more radical in this respect. Such a thing was unheard of 10 years ago.

   
Old 01-16-2007, 10:06 AM   #9
groucho
Staff
 
Join Date: Oct 2004
Posts: 490
Default

And, because the one thing (learning to plan for security) has got little or nothing to do with the other (the security of programs).

You can teach people defensive driving, that doesn't make them good drivers. Arguably it may make them potentially better drivers than they were--but it won't make them perfect, especially when hundreds of thousands of attackers are reviewing their code, including highly experienced PhD-level programmers who work for organized crime overseas.

MS also instituted peer programming, where programming tasks are done by a team of two programmers, rather than individuals. The old logic was that one focused mind could write the best code. The new logic is based on the finding that one focused mind under pressure often misses things, and a second set of eyes will catch many of them. (Which is the same reason why every author and editor knows that proofreading MUST be done by a separate proofreader, not the author.)

Molly, if you want perfection, you won't find it on this planet. The gods make mistakes, the Pope makes mistakes, and the President we just won't talk about.<G>

The point is that so many readers complained that MS finally paid some attention. Arguably too little and way too late--but they have spent considerable resources on addressing security concerns. And no other OS has been found perfect.