I must be cranky, or Gruber must have been hit with the idiot stick.

For example, in this brief post, he says:

But it rings untrue to most ears to claim that Apple is doing a bad job with regard to security. The evidence suggests that Mac OS X has been and remains secure enough to be safe, and safety is what real people actually care about.

Now, I just read a blog post earlier today by Gruber’s arch-nemesis, Rixstep:

The point Rick summarizes most succinctly, that doesn’t seem to get much press:

As reported by members of the Rixstep/7 forum.

bash seems to be about two years old.
bzip2 is still at version 1.0.4 which is a year old.
rsync is still at version 2.6.x which is three years old.
Most rsync updates since 2006 were security updates.
X11 is still 2.1.6 although X.org released 2.3.3 three weeks ago.
History and numerous hacker contests have proven the best, easiest, fastest, and most reliable way to hack Mac OS X is to compare version numbers of open source modules, find one or more that are egregiously unconscionably out of date, and read the change logs at the source. From that point the hack’s child’s play.

This is why once a year the MacBook gets hacked and won in 5 minutes while it takes longer to get the Vista or XP machine. Gruber’s conclusion sounds like Microsoft ad copy: “safety is what real people actually care about.” WTF?

Apple seems ignorant, or more likely arrogant, when it comes to implementing timely security fixes for the open-source underpinnings of its operating system. “Ringing untrue to most ears” means absolutely nothing.

© 2012 pooter.net/blog