|Home » Industry Watch » The Technological
MUFF: Totally Irretrievably Round the Bend
Because you're a fanboy.
It's not just that the Month of Apple Bugs (MOAB) is now more than half over - it's that the fanboys have totally lost it. Fanboy after fanboy tries to distance himself from fanboy after fanboy and the conspiracy theories are mounting each other in a classic fanboy gangbang.
For fanboys it's not so much 'shoot the messenger' as it's 'whine spit and squeal' at him - and ultimately each other. Not the most social sort ever to come out of the homo sapiens mold, the fanboys are starting to show their true colours. And serious users of the OS X platform take note: this is the one thing you have to think twice about when migrating to this platform. If the hardware defects don't get you the fanboys will.
First off we have the illustrious soul who found a bug in a Rixstep product. More accurately, because he didn't just happen upon it - HE WENT LOOKING FOR IT. Why? Because his fanboy feelings were hurt.
Did he find a bug? To be sure. But he produced a few of his own. Not only was his 'proof of concept' incomplete, it was one of the sloppiest most amateurish ever seen - totally and only attributable to a screwed up fanboy. But it doesn't stop there.
For as with most fanboys, this fanboy was MEAN: he deliberately went to Security Focus and BACKDATED the advisory, perhaps taking a lesson from Fred Anderson, Nancy Heinen, and Steve Jobs. And even so, he did a cock-up of it.
He namely searched the Rixstep site for mention of the product (Undercover) and then cutely chose the date after that first article was released. Not realising, in true fanboy fashion, that the product announced on that date wasn't the one he was testing, and totally oblivious, as only a fanboy would be, that 'responsible disclosure' demands one give the vendor a fortnight's notice and a chance to patch the bug.
Which he of course PRETENDED he'd done - except fanboy that he was he didn't realise the product hadn't been released yet. Oh well.
Security Focus were of course onto this amateurish fanboy stunt and corrected the deliberately falsified data. And of course the 'bug' was remedied in a matter of hours - not years as the case often is with Apple bugs.
Score so far? Good guys: 0 [because they couldn't care]; Fanboys: -1.
And now we come to Ilgaz Öcal. He's the ultimate nutter. He puts ordinary fanboys to shame. Nutter Ilgaz has been going on for years about how CLIX, a totally free product, is ruining the reputation of Cocktail, the only program he really truly will ever be able to love. He's namely scared of computers.
To the eternal chagrin - and detriment - of the MUFF Ilgaz has now found their Google BB and is posting things even fanboys would be scared of. His latest theory is that the author of Oompa Loompa, the principal author of Opener, the people behind MOAB and the latest terrorist bombings as well as common pollutants in the planetary water supply are all one and the same.
So, as many have guessed, these script kiddies are going to have fate of lamers, ending up in jail for coding a virus publicly. ;) Not a big surprise really...
um, if they code up a virus in assembly (or really, even make a reasonable attempt), shouldn't that pretty much automatically exclude them from being a script kiddie?
Well, script kiddies are script kiddies and lamers are lamers. Even if they code a OS from ground up, they will be script kiddies in my eyes. x86 assembly is not very big deal at all (except piece of art like GRC disk utility), they will probably use the x86 families famous 'stack' etc weaknesses. Note for them and their supporter Evkfgrc (rot13) morons, whatever your intentions are, if you code self propogating crap, it is exactly 'virus' by any definition and this time, US army working wife whining to military magazines won't save you from jail. Judge doesn't buy 'but...but... Apple didn't care about our whining(or blackmailing)' defense nor the thousands of Apple customers losing real life (which you don't have) money lawsuits.
Why are the Rixstep people morons? Well, as long as Apple haven't patched the vulnerabilities they have uncovered, it seems that Apple doeswn'tc are about their customers, either.
They are publicly supporting them, I think Opener 'thing' (couldn't decide what it is) is also work of these MOAB guys. Look at their cheering after each release and read between the lines to see horrible fanaticsm / jelousy of every successful software company / person / whatever (Cocktail? ;P) they target. Also they have direct connection with these people which may involve helping them. Their titles are not so popular as I can say from Versiontracker numbers but Mac people should know who they deal with while they download their closed source trivialware or even pay for them. Apple can't rush and fix anything involving kernel panics without QA. They may raise other problems. Unlike these morons, some Apple computers are working in mission critical environments. A real 'exploit' means something like Windows port 135 (RPC? forgot) problem. It automatically infected machines and rebooted them. It is not a thing like 'click and try to mount this dmg, it will cause kernel crash' crap. Their method is like port 139 script kiddie 'nuke' method which belongs to IRC lamer channels. While I was 12, I could make my Atari 800xl crash via changing couple of bytes at diskette. I guess I had a future in security business (!). :) They even went low levels of finding (or getting via mail) nuke-like exploit of Colloquy, an open source, free IRC client. Colloquy people fixed it in matter of hour, just like Omni group fixed their browser crash (yes, NOT exploit) in hour, at Sunday, at Macworld time. Apple, Microsoft and even Linux people will never rush a patch unless something in the wild (like virus etc) may take advantage of the crash state. They couldn't manage to show anything like that yet and when they manage to show, people like me waiting on line to contact law enforcement agencies.
That's because blaster was a real-world virus, while the MOAB folks are simply pointing out holes and (apparently) providing proof-of-concept exploits for some of them. Hmm, guess their QA procedures aren't very good. What, exactly, is your problem with the MOAB? Finding exploits is a good thing--if you don't find them, you'll never be able to patch them.
-=End of messages=-
Score now? Good guys: 0 [because they still couldn't care]; Fanboys: -4.0004e+24. Game over. 鸭子.