Filed under: Software, Apple, Security, Blogs
Former Apple engineer offers fixes for Month of Apple bugs silliness
Landon Fuller, programmer and former Apple BSD Technology Group engineer extraordinaire, has offered to try and provide fixes for the exploits that appear during this asinine Month of Apple Bugs. Landon has already posted workarounds for the QuickTime vulnerability, and he links a change the VLC team has already made to their codebase (which is likely to be rolled out soon).I join many others in thanking Landon for his work, but I still wish he didn't have to do it. Why should a former Apple engineer use his free time to chase after publicized exploits, when Apple themselves (and any 3rd parties) should be the ones to fix these problems at their core?
Thanks Bill I
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
michel said 2:14PM on 1-03-2007
maybe because theses persons totally bypass Apple own management and planning
and also try to ignore than Vlc developpers have tools to inform about bugs.
http://www.videolan.org/support/index.html
maybe...
Reply
Ernest Leitch said 1:32PM on 1-03-2007
Because apple drags their feet when it comes to fixes. Someone needs to put a fire under their butt to get anything done.
Reply
Skroob said 11:10PM on 1-03-2007
Because an independent engineer can develop a workaround without the hassle of the exhaustive testing an official patch requires. Also he can start work on it faster because instead of submitting the bug to Apple like a normal person, they are announcing it to the world in an obvious publicity stunt, modeled on the idiocy of the wireless driver issue.
Reply
Scott Stevenson said 4:56PM on 1-03-2007
It's not clear to me what Apple should do here. Release a security fix via Software Update every day for a month?
Reply
mike said 7:17PM on 1-03-2007
I totally agree with Ernest's comment! We need to take security seriously as the platform gets more and more popular. Why are typical Mac users so adverse to this way of thinking?
Reply
Ian S said 2:37PM on 1-03-2007
Comment #1 is quite true. Gotta love OS X but after working with them periodically I can also relate that my experience has been that getting them to fix *anything* is like pulling teeth.
Reply
Grant Hutchins said 3:18PM on 1-03-2007
The month of Apple bugs site has no RSS feed that I was able to find, but this engineer's site does. Needless to say, I will be reading his fix articles and mostly forgetting about reading the actual bug ones.
If they wanted to be relevant they should at least catch up to modern-day meme-spreading.
Reply
Nick said 3:43PM on 1-03-2007
RSS?
There isn't one at the info-pull site, but they've also taken out a site at Blogger called "Apple Fun". That has an RSS feed.
Warning: do not visit this site if you are of a nervous disposition. It has a somewhat juvenile cartoon on the right-hand site that some Apple users may find offensive:
http://applefun.blogspot.com/
Reply
Eric said 5:42PM on 1-03-2007
If Apple release a bug fix every single day or officially publicly state they are investigating the claims, it means they are admitting that their "secure" platform is exploitable for a whole month. This doesn't do good for their reputations.
Getting someone to "unofficially" fix these bugs in the mean time won't damage Apple's reputation (who knows, the engineer may be under the order of Apple to do this) while satisfying security-concerned customers. Then Apple can officially release a security update later (after the month) that people won't associate with the exploitable month.
That's what I think, may be it is completely wrong...
Reply
Matt Carrell said 11:13AM on 1-08-2007
Well the month of bugs must not be going so well if they have to target a third party product like VLC.. Apple is not responsible for bugs in VLC.. afterall, it's developed simultaneously for several platforms..
Reply