Real bug, hypothetical exploit, of course.

I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.

Who cares? It was real, not hypothetical.

"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.

Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.

Never remotely said that

Who never remotely said that? The original post I was responding to was from macs4all -- are you him? His argument was essentially that your data is safer with Apple, ostensibly because of their privacy policy, and that their business model is the perfect one because everybody is tired of being data-mined, so Apple is who you should trust your data with.

That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.

And a couple of months later, it happened again -- Apple patched 26 bugs, each of which could allow remote code execution, and half of those had been reported to them by google.

Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.

But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.

Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.

My point is a bunch of anecdotes don't make an argument

Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.

Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.

More to the point, google actually tries to apply this consistently as much as possible, which only nets them grief because of their universal privacy policy.

Apple's privacy policy may be "better" than google's in some theoretical fashion, but if more user data is leaked via iOS apps than Android apps, how is that better in the real world for a typical phone user?

You can easily google for it on lots of other sites, but you knew that right? We may never know if it was exploited, but it was certainly extremely easy to exploit, so it doesn't fall anywhere near the realm of a "hypothetical" bug.

As far as google serving up ads with malware, (a) that didn't go on for 18 months, and (b) while I don't condone javascript in ads (or ever have this enabled), this is actually, generally, a lot safer than it used to be. This particular malware, which made the news precisely because it is rare for google to serve malware, requires either an ancient flash install or an unpatched XP/IE installation, in order to infect a system.

Trying to serve others' javascript safely is a much more complex problem than implementing SSL correctly, and that this attack for ancient systems went on for half-a-month, while Apple's exploit for all current iOS systems was available for 18 months, may not be making the point you think it is.

cherry picking is not a good argument

No, much better to make blanket assertions that Apple handles data better because that isn't its business (which is the original assertion that I was responding to).

Those examples were just that -- examples. Did you bother to read the link I gave about how apps from the same companies leak more user data on Apple than on Android?

Citation, please.

Well, you can read all the headline news about how all the malware is on Android because Apple keeps it off of iWhatever, or you can try to figure out which system is better for the stuff you're actually going to use:

http://www.sciencedaily.com/releases/2013/10/131011092523.htm

You can read the false equivalence narrative about how both Apple and google suffered data breaches recently, or you could use your brain and realize that you have seen evidence that it's pretty easy to get "private" stuff out of Apple's cloud, but there's not much evidence of getting it out of google's cloud:

http://www.v3.co.uk/v3-uk/news/2364799/google-confirms-five-million-customer-data-dump-but-denies-breach

You can read about how Apple is going to revolutionize payments, or you can read some of the user stories here about how people have been using google for payments for a long time with no problems, and you might think about how, even a few months ago, Apple had a major https problem:

http://www.theblaze.com/stories/2014/02/24/apples-security-breach-should-scare-you-more-than-targets-did/

And finally, you can ooh and aah about how iOS is now encrypting everything in a way that only the user can decrypt it "unlike [Apple's] competitors" and google is playing catchup, or you can dig deeper and find out that this has been an option on Android for three years, and all google has to do to match Apple is turn it on by default. (They probably had it off by default simply so Apple wouldn't be beating them in storage benchmarks.)

So you actually approve of a Business Model based on Tracking (and Selling) your every online move?

Now I have to ask you for a citation. Google targets ads to you, but AFAIK, unlike, say, Facebook, they don't actually sell your data directly to others. That's because, believe it or not, it is precious to them. Whether or not I approve the business model is immaterial, but I reject the premise that Apple is capable of handling data better because their business isn't based on handling data. Seriously, doesn't that sound like a stupid claim?

...and people think Apple aficionados are delusional???

That's only because enough of them are that it's a thing.

I wouldn't have a problem with that.

But that seems unlikely. The system is out of control, and the societal costs of bad patents are both huge and unfairly distributed.

Since lots of great software was written before it was patentable, there is no reason to believe that patents are necessary to help create good software.

Since lots of great open source software is still being written now, there is still no reason to believe this.

So we have a system that provably isn't needed, and that provably causes great harm in some cases. The best fix for such a situation is a wooden stake to the heart.

It's their lifeblood.

Self-selecting, too.

Dudes and gals who get their panties in a bunch about corporations "controlling" open source will steer clear, while people passionate about open source and looking for an employer might take a closer look.

From what I read, several national, well-respected print and web publications have reached out to the original sheriff for clarification, and he has said squat.

If we misunderstand what he's saying, it's his own damn fault.

How the heck does it matter if Apple works with elcomsoft or not? If reverse-engineering a protocol is all it takes to jeapordize user's data, it's security-by-obscurity in the best case.

How can we be sure that really is what caught their attention? Can we be sure that this isn't just WBOC16 playing up the only sliver of fact they have?

You're making my point for me. The article didn't say that the sheriff confirmed the answer to a question; it said the sheriff volunteered this information. It appears that most of what we know from this sheriff has to do with the books. Why would he have said anything about them if they weren't perceived to be relevant to the investigation?

There is more information at the Atlantic article now; but it all came from a sheriff in a different county -- this particular sheriff apparently realized he fucked up, and now appears to be maintaining radio silence.

Early last week the school board was alerted that one of its eighth grade language arts teachers at Mace's Lane Middle School had several aliases. Police said that under those names, he wrote two fictional books about the largest school shooting in the country's history set in the future. Now, Patrick McLaw is placed on leave.

Dr. K.S. Voltaer is better known by some in Dorchester County as Patrick McLaw, or even Patrick Beale. Not only was he a teacher at Mace's Lane Middle School in Cambridge, but according to Dorchester Sheriff James Phillips, McLaw is also the author of two books: "The Insurrectionist" and its sequel, "Lillith's Heir."

Now:

"It didn't start with the books and it didn't end with the books," State's Attorney for Wicomico County Matt Maciarello told The Times. "It's not even a factor in what law enforcement is doing now."

OK, WTF do (did) the books have to do with it? It's not McLaw's fault or my fault that I think the police might have arrested him over the books -- it's obviously the police's fault I think that. And it's also their fault that they have a lot of credibility to recover, and saying that it's not about the books rings hollow.

Also, note the careful phrasing -- it didn't start or end with the books, and the books are not a focus now. So, at one point they were obviously the focus, and merited enough focus to be the only thing that was disclosed to the news organizations.

It's not a bad thing that this assumption may be completely unfair to the authorities, because we should always be pressuring them to be more transparent.

The code in question is dual-licensed.

The code is not produced by a charity; it is produced by a business. From the perspective of a business, the GPL is a marketing tool -- a great marketing tool. "Here's the source; try it out! Talk to others who are using it! Just contact us if you want to merge it with your proprietary code and make money!"

Any business can use the GPL this way, and many have. Just because a business uses the GPL does not mean that their politics align with the FSF.