Contact Info

sean [at] coreitpro [dot] com gpg key

iPhone Security & Community Reaction - Battle Plan

If the iPhone security debacle was a war, here is how Apple and the community would respond:

Wave 1: Mad rush of Fanboys across the city square à la Enemy at the Gates. One rifle to two men. When the one man gets shot, the other man picks up the rifle and shoots. We’ve already documented some of the smarter ones previously.

Wave 2: The Professional Fanboy. Daring Fireball spends 15 words dismissing all claims, and then continues to complain about irrelevant things. Gems like ‘Stewing over Safe Sleep’ and how he HATES waiting EXACTLY 49 seconds for his computer to go to sleep. Oh and linking a friend’s ravings about the Macbook. What a nice guy.

Wave 3: RoughlyDrafted’s Daniel Eran lays down a smokescreen, nitpicking pundits on the Windows side about revocation on the iPhone platform vs. the Windows platform. Completely ignores the fact of the matter.

Wave 4: Apple Corporate comes in, sweeps up the game pieces. Similar to what they did with David Maynor, who is still to this day mad as a bull over the fast one that Apple’s PR and hired guns in the press pulled on him.

So, since Waves 1 and 2 get cut down after falling on their own faces, we’ll just go on ahead and start with RoughlyDrafted.

'Deriding Macs for their supposed “security through obscurity” actually gets things backward however. The core of Mac OS X, including its kernel and BSD userland, is open source that can be examined like a set of blueprints to determine how the system works, and how it could be attacked. Mac OS X also incorporates external open source code including the Apache web server, and other open code maintained by Apple including the WebKit rendering engine that powers its Safari web browser.'

There are problems with this though. In a perfect world, OS X would indeed leverage the power and fast fixes of the Open Source community. That doesn’t happen though. Apple ends up leveraging the power of the Open Source community without getting the speed. Why?

Well, as Rixstep puts it, Apple has to:

'branch' their open source code. As they have this weird 'beige box' still locked inside their operating system they cannot take open source contributions 'as is' and incorporate them into their updates. They need to retrofit their 'MacOS' into them - with all that means. And above all it means - in this context - time. Which results in Apple falling far behind the rest of the industry in terms of updates.

Apple is not nearly as open as they like you to think. The Free Software Foundation has many legitimate concerns about Apple, and their commitment to Open Source with their “Apple Public Source License”, which they lay out in an essay.

The FSF now considers the APSL to be a free software license with two major practical problems, reminiscent of the NPL:

• It is not a true copyleft, because it allows linking with other files which may be entirely proprietary.

• It is incompatible with the GPL.

For this reason, we recommend you do not release new software using this license; but it is ok to use and improve software which other people release under this license.

So really, how ‘Open Source’ can Apple be if their own ‘Open Source’ license is incompatible, repeat incompatible, with the GPL which essentially embodies the Open Source movement?

Case in point:

Aside from this, we must remember that only part of Mac OS X is being released under the APSL. Even though the fatal flaws of the APSL were fixed, and even if the practical problems were addressed, that does no good for the other parts of Mac OS X whose source code is not being released at all. We must not judge all of a company by just part of what it does.

In RoughlyDrafted’s own words:

Apple, like all commercial developers, has to carefully weigh the value proposition offered by a wide range of different open source strategies.

The strategy that Apple has apparently taken is one in which they take from the Open Source movement and then only give back table scraps. They get the power of Open Source, but pay a penalty in the response to bugs and security vulnerabilities.

This isn’t really news to anyone in the know, but the problem with the OS X community is that most people aren’t in the know, and they take their marching orders from people who deliberately choose not to be.