Forgot your password?

Comment: Re:Open Source is still better (Score 1) 154

by BasilBrush (#48030955) Attached to: Apple Fixes Shellshock In OS X

Apple wouldn't have known about this little known old feature turned security hole if it wasn't for open source.

Apple wouldn't have had this defect if they hadn't used open source. For sure it might (and does) have others, but given it's taken 20 years for this defect to be found, the idea that there is any superior bug finding capability in the open source arena is laughable.

The myth "With may eyes all defects are shallow" was only ever believed by the naive. Shellshock and Heartbleed have proved it was nonsense. At this time only the religious still believe it.

Comment: Re:Wrong on two counts (Score 1) 154

by BasilBrush (#48030841) Attached to: Apple Fixes Shellshock In OS X

1) We don't know when the bug was introduced, although it's clear that it was quite some time ago.

You may not, but "we" do. I posted last Thursday that this vulnerability dates back to 1994.

The difference is that with OSS, they all will eventually get found and fixed. The same can't be said of closed source software.

That's religion, not fact. Furthermore your claim in the previous paragraph that "It's been shown by people much smarter than me that it's mathmatically impossible to do so." means that OSS cannot possibly fix all the bugs.

You disappear in a cloud of your own illogicality.

Comment: Re:that was fast (Score 1) 154

by BasilBrush (#48030765) Attached to: Apple Fixes Shellshock In OS X

Which is probably why this is a quick and dirty downloadable patch, rather than a proper OS update available to all with auto-update.

Those who have systems that open up BASH to the internets can get this partial fix, and get subsequent ones as BASH fixes progress. Those 99.999% for whom it's not relevant aren't bothered with pointless updates.

Comment: Re:Ahh yes (Score 1) 154

by BasilBrush (#48030681) Attached to: Apple Fixes Shellshock In OS X

Heck if you're going to rewrite in a more modern language why only move from a 1970s language to a 1980s language?

C++ does nothing to eliminate the common causes of defects and vulnerabilities - buffer overflows, dangling and unexpectedly nil pointers etc. Nor does it have anything to offer for the modern world of multiprocessing. And it's memory management is primitive.

If you're going to move forward from the 1970s, do it properly.

Comment: Re: Why isn't this auto-update? (Score 2) 154

by BasilBrush (#48030515) Attached to: Apple Fixes Shellshock In OS X

That's not a "dirty secret". Having a single component that launches all daemons is a laudable improvement over the adhoc, multiple methods that had grown up in Unix like OSs.

Linux has political problems between Linus and the systemd team, and systemd may be overreaching. None of which is relevant to OSXs entirely different component launchd.

And if anyone thinks there's any copying going on here, take note of the direction - OSX launchd dates back to 2005. Linux systemd to 2010.

Comment: Re: Restrictions (Score 1) 94

by BasilBrush (#48030311) Attached to: Mobile Phone Use Soon To Be Allowed On European Flights

You draw a distinction between "distracting" and "overheard in the first place" that I don't think is there.

And usually the volume IS elevated with mobile phone users. Most people are unaware of how good modern phones are at picking up the voice and cancelling out noise. And so they talk loudly on the phone.

Anyhow, I don't suppose we'll reach agreement. I suspect you are looking forward to being able to use a phone on a plane, and so lean towards arguments that result in that being allowed. I'm happier to just relax on a plane, so my bias it the other way.

Comment: Re:The complexity has to go somewhere (Score 1) 69

by BasilBrush (#48030273) Attached to: Building Apps In Swift With Storyboards

If it's as limited as questions for common defects in an existing app, that's not so hard. But a system that can actually create an app by asking questions is much harder - unless the possible kids of apps are very limited in scope, as with expert systems and the 3GL fad of the 1980s.

Comment: Re:How important is that at this point? (Score 1) 167

by Lumpy (#48027897) Attached to: Adobe Photoshop Is Coming To Linux, Through Chromebooks

none really. The only photoshop holdouts need CMYK or are unable to learn a new interface.

I only use photoshop because of all the free plugins that do what I want without having any skill at all. Butt hen I also think that my horribly out of date CS3 is just fine.

IF there were a lot more free plugins for GIMP that made it easier for us poseurs without any skill look good, it would surpass photoshop quickly.

Comment: Re:OEMs cannot write software (Score 1) 403

Currently I am using the local calendar adapter for Google calendar, from F-droid. Works well. There is a similar CalDAV adapter too - doesn't it work nicely with owncloud? I was hoping to use it some day.

The issue I'be had with it is that it doesn't really do merging, it does 'server always wins'. This means that if you delete an event locally, on the next sync it will reappear. It's fine for new events created on the device and for events created elsewhere if you just want to view them on the device. I use owncloud on the server and iCal on my laptop and editing things on either of those is fine.

Anyway, that was my point. Google and the other big 4, really do good UI - much as I hate to expose my data for their inspection.

The reason I stopped using the search engine was that they made a UI that pissed me off enough to make me quit. I've not found Google UIs to be particularly well designed in general - I could file a few hundred UI bug reports on the general Android system, including a lot that are regressions.

Comment: No sensible person ever though it was impossible (Score 2, Informative) 154

by daveschroeder (#48027003) Attached to: Apple Fixes Shellshock In OS X

But even here, again, when you look at a typical OS X desktop system, now many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it effects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment: Re:Thai Tasting (Score 3, Interesting) 100

by Rei (#48026993) Attached to: Robotic Taster Will Judge 'Real Thai Food'

While I personally see a device like this (sorry... ROBOT!) of rather limited use for testing prepared dishes, I can see great utility for it for testing ingredients. You could have a standardized, unambiguous way to rate the quality or at least properties of a given product, be it meat, fruit, vegetables, etc. I bet cultivar breeding programs in particular could really benefit from this - "Well, I was hoping that this new mango would be a huge innovation, but actually it's almost identical to a Keitt. Though to be fair its mouthfeel is somewhat like a Carrie, and it does have a small amount of a new novel aromatic compound..." Just a single mass produced sensor package that measures a wide range of different properties at once in a repeatable, universal manner. If such a thing could become widespread, I'd bet half of the "cultivars" out there would pretty much disappear, having been shown to be essentially identical to others.

Those who can, do; those who can't, simulate.