FreeBSD Shines, Apple Fails
'When you dance with the devil, you wait for the song to stop.'
Apple are showing contempt of epic proportions for their customers and developers, writes Paul Rubens of ServerWatch.com. 'Apple's customers are learning the hard way that when you dance with Apple, you'll often be kept waiting a long, long time.'
'If you use Apple's products in your business, be afraid; be very afraid.'
FreeBSD 8.0 was released in the last week of November 2009 and it contained a lot of goodies: network stack virtualisation using a new virtualisation container, an improved USB stack, binary compatibility with Fedora 10 Linux, and an update to version 13 of ZFS. [Apple still don't use ZFS, couldn't deal with it, and seem to have abandoned plans. Ed.]
But an exploit against 8.0 popped up on the Full Disclosure (FD) mailing list the following Monday.
From: Kingcope <kcope2 () googlemail com>
Date: Mon, 30 Nov 2009 23:12:20 +0100
** FreeBSD local r00t 0day
Discovered & Exploited by Nikolaos Rangos also known as Kingcope.
Nov 2009 'BiG TiME'
There is an unbelievably simple local r00t bug in recent FreeBSD versions.
I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.
The bug was found in the runtime link editor rtld and it affects the new 8.0 release as well as versions 7.1 and 7.0.
FreeBSD issued a patch within hours. FreeBSD security officer Colin Percival made the announcement.
A short time ago a 'local root' exploit was posted to the full disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root. Since exploit code is already widely available I want to make a patch available ASAP.
And that, as they say, was that.
But how do things work at Apple? asks Rubens. Not quite the same way. Rubens cites the now notorious case of Rogue Amoeba's Airfoil Speakers Touch which was handled so badly by Apple that the amoeba are permanently dropping all iPhone development.
A bug fix update took three and one half months to make it through the App Store approval process - all the while customers continued to purchase flawed software and Apple got their 30%.
The reason for the delay? Apple didn't like the amoeba's use of a system API to find official file icons. Suddenly these were Apple property - despite the fact the same icons are made available by Apple themselves for precisely this purpose.
Fourteen weeks later the amoebas figured out what the trouble was, put in a generic icon and link to the Electronic Frontier Foundation, and the app got through.
'The moral of the story?' writes Rubens. 'When you dance with the devil, you wait for the song to stop.'
'Apple's customers are learning the hard way that when you dance with Apple, you'll often be kept waiting a long, long time.'
Coldspots: The Version Race
ServerWatch.com: FreeBSD Shines While Apple Fails