Daniel Eran Dilger in San Francisco
Random header image... Refresh for more!

Thom Holwerda of OSNews Calls “Mac Shot First” Misinformation and Slander. Oops!

200803302159
Daniel Eran Dilger
Responding to the article “Mac Shot First: 10 Reasons Why CanSecWest Targets Apple,” Thom Holwerda of OSNews wrote a point by point essay titled “Countering Misinformation” that described my article as “an unrivaled wealth of misinformation, [with] some things even bordering on slander.” Of course, one can’t write slander (it’s called libel), but his serious accusations failed to refute any of the points I raised, and really betray his effort to smear me rather than correct any facts I presented. He’s wrong, here’s why.

Countering misinformation, OSNews
Mac Shot First: 10 Reasons Why CanSecWest Targets Apple


To get a sense of Holwerda’s biases, his initial OSNews report on the CanSecWest event echoed the sensationalism of bloggers and corporate media sources. He even tied in a blurb from the fatally flawed 0-day study released by the Swiss Federal Institute of Technology for good measure.

CanSecWest and Swiss Federal Institute of Tech Deliver Attacks on the Reality of Mac Security

The following letter presents why OSNews’ article accusing me of slander and misinformation was wrong and asks the author to print a retraction to the misstatements and errors he made. It also serves as an outline for both how to effectively disagree, and how easy it is to present an argument of logical fallacy.

How to Disagree
Fallacy – Wikipedia

OSNews: Please Issue a Correction.
Hi Thom,

I write RoughlyDrafted. In your article “Countering misinformation,” you accuse me falsely characterizing the CanSecWest contest and slandering unstated parties. The problem is, while you spare no effort in tarring and feathering my article and me personally, you don’t actually seem to understand the points being made, and fail to actually address them.

1. “Exploits discovered for the Mac have little other value outside of contests like CanSecWest.”

The point here is that exploits for other platforms have value outside of CSW. You went off on a tangent that assumed the reason for there being no Mac malware market based on speculation and fantasy, and then state the obvious that exploits need to be fixed. You never addressed the actual point though.

If a black hat researcher discovered an exploit for Windows, would they sell it as malware, or attempt to get $10,000 in a once a year contest with it, racing against other contestants and potentially getting nothing if they are beaten? Now, if they found an exploit affecting Mac OS X, as Miller did, they have no option but CSW. You danced all around the point, but never addressed it.

2. “The CanSecWest contest clearly appears intent to transfer the security focus belaboring Windows to other platforms.”

You accuse me of conspiracy thinking and then say “I am not really sure why they detail Microsoft’s ‘Get the facts’ debacle, as it is of no relevance at all,” but that was the entire point. If you can’t see relevance between Microsoft’s marketing machine, which actively pays for false headlines, and the false headlines generated by the Microsoft supported contest, then you’re not very good at connecting dots.

There is no conspiracy theory here. CSW was aware of the headlines they were going to be generating because they did the exact same thing last year. Those headlines refuted what is known to be the case–that Macs have no real malware while Windows PCs are plagued with it and have been for years–in what can’t be easily refuted to be anything other than an effort to “transfer the security focus belaboring Windows to other platforms”

CSW discredited themselves by hosting a sensationalized contest, and without ever correcting or clarifying the misinformation the media reported. You can argue CSW’s motivations, but that’s why I used the language “clearly appears intent.” It did!

[Update: while the motives of those setting up CanSecWest's contest can be argued both ways, Microsoft's maximizing of the simplistic marketing message in the media can't. Jeff Jones, a director in Microsoft's security group, blogged about the winning Mac OS X crack, noting:

“I don't really care for 'hack the box' contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the PWN 2 OWN results. I don't.”

Jones' blog is headlined “SECURITY IS NOT SIMPLE, SO WE SHOULD TRY NOT TO SIMPLIFY IT TO THE POINT OF USELESSNESS.” However, he also added, “having said that, given how obnoxious and misleading I find those Mac OS X ads and how they've spent millions of dollars publicly criticizing Windows Vista security improvements, I find it ironic and apropos that Mac OS X was the first machine to be owned in the PWN 2 OWN contest at CanSecWest today.”

The media only reported his final line. Further, Jones' comment that Apple's 'Get a Mac' ads are “misleading” is fully unsubstantiated. Windows Enthusiasts like to work themselves into a frenzy relating how upset they are about this message, but they don't refute it. Also, saying Apple spends “millions of dollars publicly criticizing Windows Vista security improvements” is not really accurate or fair.

Jeff Jones Security Blog : Mac OS X Security - Reality Check #2]

3. “The contest prominently focused attention on the brand name of the MacBook Air.”

You pedantically looked up the model numbers of the other laptops, but none of the headlines nor the stories relating the event presented any of those details. The points I raised were not an attack on CSW itself, but “10 Things to Remember About CanSecWest and Software Vulnerabilities,” in other words, a refutation to the sensationalized stories presented by the mainstream tech media.

4. “The Mac exploit was something Charlie Miller had in hand when he arrived.”

Again, you argue against the words without understanding the point. I wasn’t arguing that Miller should have been ill prepared, I was noting that Miller did not crack the Mac in two minutes due to its being a Swiss cheese of holes, as the media reported. Your inability to directly refute any point I make indicates that you’re more interested in a delivering a personal smear than correct any “misinformation.”

[Update: Some people think this was a controversial idea I invented. It is not. Reader Don Bach sent in a link to an article interviewing Miller, and he states, with regard to the Mac OS X exploit he used to win the contest, “We sat down about three weeks ago and decided we wanted to throw our hats into the ring. It took us a couple of days to find something, then the rest of the week to work up an exploit and test it. It took us maybe a week altogether”.

Miller's comments intended to express how trivially easy it was to find an exploit by raking through FOSS code that Apple hasn't updated, but it also points out that Miller had a plan in hand and was politically motivated beyond many of his colleagues to find an exploit that would target the Mac. The rest of the article repeated portions of Jones' comments above, devoid of any context. Shame on Softpedia.

Microsoft Finds Irony in Mac OS X Getting Hacked Before Vista SP1 - Courtesy of Jeff Jones, Strategy Director in the Microsoft Security Technology Unit - Softpedia ]

5. “The researcher who cracked the Vista machine was stymied by the fact that he didn’t expect it to have SP1 installed, according to a follow up report by IDG’s Robert McMillan.”

There were multiple points under this subheading, but the main one was that CSW is held at an arbitrary time, and that its results this year do not reflect the security of Vista users over the last year, nor Linux users prior to the day of the event. I also noted that last year, Apple delivered patches right before the event.

The point was not that SP1 should have been excluded, but that CSW’s test says little about the status of actual, real world security of the involved platforms. It is simply not a reflection of the security one can expect as a past, present, or future user of either platform, yet that’s what the media portrayed it to mean. This is a gross simplification serving as misinformation.

Certainly, the volume of malware and viruses affecting Windows, the real world losses Windows users face, and the real inconvenience of being under constant attack and needing to run antivirus software (which exposes vulnerabilities of its own) is more relevant than a publicity stunt biased against open source, biased against politically motivated targets, and based on a version of software that most Windows users are not using (most users are not using Vista, and Vista users are still advised against installing SP1 as I noted).

6. “Miller reported hacking something related to Safari, but the details haven’t been revealed.”

At the time of writing the article, the attack vector had not been fully revealed. The point was that it was not clear what the issue was. This was not an attack on CSW or Miller, but listed as one of “10 Things to Remember About CanSecWest and Software Vulnerabilities.”

Your need to attack every one of these items, without actually addressing the real point of any of them, indicates that you have an agenda of attacking me personally, not a real interest in clarifying the facts. I was presenting facts, not outlining why Apple was good and Microsoft was evil, or why Miller or CSW were bad. I was presenting why the media reports of the event were misleading. The ten points are “things to remember,” not complaints directed at CSW, Miller, Microsoft or any of the other targets you imagined.

Again, your point by point dismissal, each of which fails to actually address the idea being presented, demonstrates you are intent on a smear job, not a rebuttal of facts.

7. “Attendees with the ability to crack Linux ‘didn’t want to put the work into developing the exploit code that would be required to win the contest’, according to [an] IDG article.”

Here, you simply misquote me in saying I “stated that exploits for Macs were not used by malware creators in the wild because the Mac’s userbase is too small, and now [I] claim that an exploit for a home operating system whose userbase is probably even smaller can be sold for a lot of cash?”

It was you that invented the idea the Mac user base is too small, but that’s not the real reason there’s no Mac malware market, as I point out later in detail. I also note that many exploits that could be lodged against Linux may also be used to target Windows or Macs, including the Flash flaw that was used to exploit Vista on the third day. It apparently could have been used against Ubuntu as well.

Next, you say I misquoted IDG’s article. You are simply wrong; I did not, as your own quotations show.

You then talk about IDG not making the point I made about motivation, and insist that there was no empirical study done proving beyond a reasonable doubt that a certain number of Linux vulnerabilities were not used. This is simply ridiculous, specious, and makes no valid point. You haven’t refuted the idea that there was no one advertising a political motivation to attack Linux, and clearly there was not.

On the other hand, Miller quite clearly expressed a political motivation for exposing Mac security, whether you chose to believe he did so to embarrass Apple, to make Microsoft look good in comparison, or simply because he loves Macs and want them to improve.

8. “Many exploits and vulnerabilities are not unique to ‘Mac, Windows, or Linux’, but instead are cross platform threats.”

You say “This is a very valid remark, but also an utterly irrelevant one in this specific context.” Wrong, the very point was that potential attacks on Linux might well be used against Windows instead, which clearly happened on day three because a cross platform attack on Flash was used to compromise Vista and not the Linux machine.

The point is that researchers were free to attack the system they wanted, and cross platform attacks were targeted as the contestants chose, not in some level playing field way that exercised the security of each platform equally.

That was the core point of the entire article, as stated in the beginning: “rather than being a level contest to expose the flaws in the three systems, it was really a contest highlighting the knowledge and abilities of the researchers, each of whom targeted the platform of their choice.”

You get sidetracked talking about WebKit, which is not related to the point I made at all. Your talk about children and cookies is also completely irrelevant. If you are going to “refute” the information I’m presenting, writing your own missives that have nothing to do with my comments does nothing but indicate that you don’t understand the arguments being made.

9. “Miller has repeatedly stated that his life’s work is to discredit the security of the Apple’s platforms.”

Again, you dodge the point and write about unrelated subjects. You did not refute that Miller came prepared and ready to hack, while there were no high profile black hat hackers who voiced an intent to embarrass Microsoft of Ubuntu prior to the contest.

Instead, you say Linux users must be interested in getting money, and that they contribute flaws in public databases. The problem with your idea is that the press doesn’t create sensational headlines based on bug reports in Mozilla’s Bugzilla listings, as they do from CSW’s press releases. Also, you don’t refute the idea that any exploits that may work on Linux might otherwise be sold as Windows malware vehicles, although you agreed that was a valid remark.

Secondly, you ask why the Flash exploit was only used on the third day to get a $5,000 prize. If you were familiar with the contest, you’d know that attacks on third party apps were only allowed on the third day. This betrays your ability to criticize, because you are talking past your knowledge.

10. “Apple’s use of open source makes it easier for researchers like Miller to identify exploits.”

In your comments, you insist this is not true, then backtrack to say it is. It most certainly is, for the reasons I outlined. I did not say this makes any exploits of FOSS-related code in Mac OS X uncountable as exploits against the Mac, but rather outlined that such exploits have often already been fixed outside of Apple, and can be distributed at minimal effort. Apple appears to have internally released a patch for the PCREL flaw Miller found the same day as the attack.

I noted that Apple’s use of open source served to harden, not weaken, its security profile. I did not excuse Apple for having an explosed flaw related to a delay in updating its imported code, and noted the criticism of Apple’s updating pace in both this article and the previous. I also presented context describing why Apple might delay in releasing code.

In your conclusion, you accuse me of “an unrivaled wealth of misinformation,” which you never spell out, and say “some things even bordering on slander,” which you similarly failed to mention. Also, slander relates to spoken attacks; libel was the word you were after, but it is a serious accusation to make without providing any backing.

Your half-baked reply cheapens the reputation of OSNews and defames me and my site through your own failing to understand the issues involved, the points I raised, and why I raised them. Repeated accusations that I presented “misinformation” raises your article to the level of libel itself. You owe it to your readers to print a retraction.

Dan

Daniel Eran Dilger
RoughlyDrafted Magazine
www.roughlydrafted.com

CanSecWest and Swiss Federal Institute of Tech Deliver Attacks on the Reality of Mac Security
Mac Shot First: 10 Reasons Why CanSecWest Targets Apple

What CanSecWest Means for Platform Security.
For what it’s worth, most of my criticisms and context are presented to refute the simplistic, false reports of CanSecWest in the corporate tech media and by bloggers who should have known better. CanSecWest’s contest is set up to be a bit sensationalistic, but the point appears to be to discover flaws and deliver them to the vendor to fix, improving both the platforms, their related software (on day two), and third party tools (on day three).

From that perspective, CanSecWest provides a valuable alternative to the malware market, which currently serves as the primary motivator for discovering flaws. As similar mechanisms are created to find and solve vulnerabilities in software, everyone will win, from users to platform vendors to third party developers. Well, everyone but the malware industry.

I really like to hear from readers. Comment in the Forum or email me with your ideas.

Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast! Submit to Reddit or Slashdot, or consider making a small donation supporting this site. Thanks!

Technorati Tags: , , , , , ,

22 comments

1 ericdano { 03.31.08 at 1:33 am }

You go man. Reason will prevail!

2 dssstrkl { 03.31.08 at 1:50 am }

While I usually enjoy reading your rebuttals, I can’t help but that that you’re giving OS News some undeserved credibility by acknowledging them in this fashion. While I can’t point to my own reading habits as a real indication of what’s good or not, but I had to kill my OS News RSS feed months ago due to the dreadful quality of their articles. It seemed to me that everything of theirs that I read was a mess of emotional and misinformed ranting, and the story you linked to was no different.

3 jfatz { 03.31.08 at 1:58 am }

Your use of quotation marks in the URL of this article seems to be creating a bit of havoc in side-linking attempts… ^_^;;

4 jfatz { 03.31.08 at 2:22 am }

Ah well, if you or anyone else wants to poke your heads in at Fark and smack a few people about… ;-) ( http://forums.fark.com/cgi/fark/comments.pl?IDLink=3502637 )

Of course everyone here is a pathetic spinner or a “Jobs-knobber” or something to that affect…

5 John E { 03.31.08 at 3:43 am }

well, i still can’t get over the total lack of info about how the CSW “contest” was really set up – to see if it was fair or basically rigged.

how was each computer set up? what user mode? what kinds of system security settings on/off? passwords? etc.

was any third party security software installed on the Vista PC? what third party software was installed on each computer?

did the Mac hack get real control of the computer, partial control of one/two programs? or just access to some files?

you know, a legitimate contest is always transparent about such things.

6 dssstrkl { 03.31.08 at 3:53 am }

@ John E: All of the computers were configured as “out of the box,” so the Vista machine should no have had any third-party security software, but Vista does ship with some security software and with its firewall active. The WebKit bug allowed ssh access to the Mac, so while it wasn’t rooted, it did allow Miller access to the valuable parts of the system, namely the user directories.

7 seth { 03.31.08 at 8:31 am }

Dan, I love your blog but I think you’ve exhausted the CanSecWest issue. No matter how skewed the criteria and results were, the MacBook did get exploited using a Safari bug.

Let’s move on to bigger and better things like the iBlackberry!

8 greendave { 03.31.08 at 9:28 am }

My Macs are sat at home connected to the internet and my locked house door prevents people getting to them. Exactly how does this exploit affect me? I heard the mac had to be navigated to one specific website using Safari – millions of sites and emails infect PCs. Which part of “I have never had a virus in 20 years on any of my Macs” do they not understand? Dan, don’t give them any credibility by even mentioning them.

9 stormj { 03.31.08 at 12:07 pm }

Daniel,

Look man, I love how you’re so good at smacking down misinformation about Apple, but take a step back and look at the big picture. Think about how news works.

It’s *not* news if a bunch of hackers find a Windows vulnerability, because people have been reading those headlines for years.

It’s not news if there’s a Linux exploit because nobody cares. Which Linux? Which version? On what hardware? Maybe IT people care–but it’s not consumer news.

No one I know with a Mac runs any kind of anti-virus, anti-spyware, or anti-malware program. Apple touts this is their I’m a Mac, I’m a PC ads.

That means they are opening the door “news” about any potential security threat.

If you or any of Apple’s actual spinmeisters just pointed this fact out–it’s news because Macs are, on the whole, so damn secure, you’d be winning the battle without engaging in sand lot name calling with irrelevant punks like the above.

10 MikieV { 03.31.08 at 12:20 pm }

Dan,

Something which struck me as odd, initially, when reading the contest rules – Was that contestants could only use a “hack” on one of the three platforms…

So, the flash vulnerability could have been used cross-platform, but the rules forced the contestant to chose only one of the three platforms – I guess to give the other contestants a chance to use that same vulnerability, if they had discovered it independently.

Makes me wonder: Did they only give one of each computer away?

i.e. since the Mac was won by Miller on day #2, was there another Mac available to win on Day #3… or were the Vista & Ubuntu machines the only two “up for grabs”?

11 coolgrafix { 03.31.08 at 12:26 pm }

dssstrkl,

Had to ditch OS News a while back myself, for the same reasons. Thought maybe it was just me. =)

12 gus2000 { 03.31.08 at 12:30 pm }

You’re being too hard on them Dan, particularly on #3. After all, it’s not CanSecWest’s fault that Apple knows how to properly market their products (“Air”) while all other laptop vendors are incapable of anything more exciting than a cryptic part-number.

“Silence, Earthling! Or I will disintegrate you with my Pu-36 Explosive Space Modulator.” – Marvin the Martian

13 John Muir { 03.31.08 at 1:34 pm }

@ stormj

I don’t get what you’re saying. Sensationalism like this affair would be un-newsworthy if Apple did X? Define X.

14 jmadlena { 03.31.08 at 1:59 pm }

@ John Muir
I think what stormj is saying is that if Apple made the point that it is such a big deal when a flaw is found (in Mac OS X, Safari, etc…), that would be a great campaign.

Instead of trying to make Macs seem invulnerable, which they aren’t – but then again, nothing is invulnerable with a stupid user – they should just show the facts, and the fact that security flaws are few and far between.

That’s why it’s such a media sensation when a flaw is found, because it’s so rare.

15 beanie { 03.31.08 at 3:44 pm }

2. “The CanSecWest contest clearly appears intent to transfer the security focus belaboring Windows to other platforms.”

According to the CanSecWest organizer, he came up with the contest in 2007 because of Apple’s little or no participation in the security community, Apple putting pressure to remove scheduled topics on Mac security flaws, and Mac ads which make users think how secure they are. He said when it comes to Mac security, users have their heads in the sand as usual.

3. “The contest prominently focused attention on the brand name of the MacBook Air.”

The prizes were three desirable ultra-portables to give incentive. Ubuntu was on a nice 11″ Sony VAIO costing about $2,200. Vista was on 6″ Fujitsu UMPC costing about $900. And of course, MBA costing about $1,700.

I’d say the OSNews guy made a good point that Ubuntu has a small userbase and that a Ubuntu desktop hack is worthless. The contest focused on client OSes. A Linux hack for the server-side might be worth something, but not for the client-side. So the contest prize of $5,000-$10,000 and a nice $2,200 VAIO is enough incentive.

Political reason to hack Ubuntu? Ubuntu is the most popular desktop Linux by far. It is a threat to Microsoft’s desktop and a lesser extent Macs. Microsoft being one of the many sponsors probably would have liked to see Ubuntu hacked as well. From the 2008 PWN2OWN results, Ubuntu was the last standing and winner. Tell Microsoft to send some better Ubuntu hackers next year.

16 NormM { 03.31.08 at 3:47 pm }

Dan,

My favorite articles of yours are the ones where you bring together context, knowledge and insight to give your readers a clear view of Apple technology and a compelling vision of the future. While I think your articles that expose stupidity, misinformation and sophistry are important and interesting, I feel these are sometimes more incendiary than necessary and have a tendency to raise issues that distract from the essential points you’re trying to make.

I thought this was the case with your CanSecWest deconstruction. Your essential point is that this contest has no correlation with real-world experience with security issues, and yet the media will inevitably report it as if it does. This makes the contest a good vehicle for MS and its apologists/enablers to use to manipulate public perceptions.

You present a set of detailed arguments to develop this point. Thom Holwerda clearly has a strong bias in his worldview and I agree that he didn’t address your essential points, but I also think he missed the essence among the details he was reacting to. In fact, I thought that your response to some of Thom’s criticisms significantly clarified your article, which suggests to me that you could have been clearer to start with. For example, I initially misunderstood what you were saying about the market for Windows security exploits: you were just making the point that it’s bigger because Windows is a significant and easily exploitable real-world target, not merely because it is the largest target. This is clearly true about Windows in general and a strong criticism of taking the results of the contest seriously, but it’s much less obvious that this directly influenced the behavior of contestants. Are they all involved in that market? Is Vista significant enough and easy enough to exploit that there is a big market specifically for Vista exploits?

Similarly, I thought that Thom’s point that it was Apple that left a known and exploitable bug in their own Webkit (and so any delay in patching it is entirely their fault) is a perfectly valid criticism, but the real issue seems to be how quickly a fix needs to be disseminated to avoid having a platform become an attractive target for exploits. So far the empirical answer seems to be that Apple is acting fast enough.

17 pa { 03.31.08 at 5:45 pm }

The main points of contention in this contest are what it is trying to accomplish, and how it is being reported. Daniel Eran Dilger addresses the first part very well. Namely, that it accomplished nothing other than the obvious: These are security issues on every platform. It did not and cannot prove which platform is more secure based on who hacks which OS first under the conditions of the contest.
The second part (how it’s reported), addressed in point 2 of Daniel’s article, is much easier to address and does not require any special technical ability. Taken together with points 5 and 7, it can be re-stated in the following manner:

Many reports pointed to the outcome of the contest as suggesting that Mac OS X lost the contest. Here is a sampling of headlines:

“Apple is loser in three-way hacking contest” — by Robert McMillan, IDG News Service posted on TechWorld
“Security Showdown: OS X Caves First, Vista Buckles (Due To Flash), Ubuntu Wins” — InformationWeek
and of course,
“Apple is loser in three-way hacking contest” — by Thom Holwerda of OS news
(notice how this title resembles the one by McMillan)

The purpose of this charade is to block the adoption of Mac OS X in corporations. Recall we have read pronouncements against adoption of iPhones in the corporate environment already.

The claim goes like this:

As this contest shows and as claimed by the Swiss researchers, Mac OS X is less secure than Vista.

The inferred conclusion:

Therefore companies who are considering (as they should) an upgrade from Windows XP should consider Vista, since it is more secure than Mac OS X.

Why is this a conspiracy? Easy!

If it weren’t, we would be reading articles claiming Vista remains a major security concern and corporations are advised not to embrace it, given that it was compromised after two days by a hacker who did not even expect to be going up against the latest security update (SP1). Since Apple, by their own admission are not yet ready to target the enterprise, and they lost on the first day, we cannot recommend them either. However, Linux was the clear winner of the contest, and did not even pose enough risk to warrant attention by the Swiss researches. Therefore all enterprise customers are advises to drop any plans to move to Vista and instead embrace Linux across the board on the Server and the desktop.

Sadly, I have not come across a single article heralding a new age for Linux as a result of this contest. But there are plenty pointing out the failings of Mac OS X security compared to Vista, which also was hacked nevertheless.

18 Doxxic { 04.01.08 at 6:46 am }

Reading the OS News blog versus Roughly Drafted, it occurs to me that the principle difference is the perspective that’s being taken.

OS News focuses on the technical qualities of the OSes and the intrinsic fairness of the testing procedures.

RD focuses on the real world security of the OSes and, in relation to that, the unfairness of how the testing outcomes will affect the OSes reputations.

Like a real tech geek, Holwerda seems to remain blind to Eran’s perspective, countering Eran’s arguments with arguments that underline the test’s intrinsic qualities, while missing the point of Eran’s comments, which is that the test outcomes suggest that the Mac is less secure than the PC, while in the real world the opposite is the case.

Eran, on his turn, can’t imagine that Holwerda’s is enough of a naive tech geek to be blind to that, and suspects that the test has been set up the way it has deliberately in order to generate a newsworthy outcome, resulting in extra pagehits for OSNews.com.

Personally, I think Holwerda’s motives contain a bit of both.
I think his geeky curiosity for the intrinsic security of the various OSes is sincere. It fits with the nature of OSNews.com in general.
But I don’t think he’s truly totally unaware of the way he contributes to a false perception of the various OSes’ securities and the extra pagehits OS News gets this way. I suspect Holwerda just tries not to think about it.

19 John Muir { 04.01.08 at 6:59 am }

@Doxxic

As nuanced an explanation as I’ve heard. Sounds just about right. Many of the circular arguments going on in tech, just like any other field, are actually as Paul Graham described in Daniel’s link:

“unfortunately it’s common for counterarguments to be aimed at something slightly different. More often than not, two people arguing passionately about something are actually arguing about two different things. Sometimes they even agree with one another, but are so caught up in their squabble they don’t realize it.”

That’s definitely my experience with Windows using friends who wallow in self pity whenever their systems go horrifically wrong, yet leap back in glee with tales like this on the web. Everyone has their motives. Some of these are in truth more psychological than cynical.

20 stefn { 04.01.08 at 10:30 am }

I always enjoy Daniel’s analysis and corrective perspective, corrective to the fud the fills tech media sites.

I do think Daniel is most effective when he can have some fun with the foolery, rather then get hooked into it.

Suggestion: Don’t fuel the fud.

21 gus2000 { 04.01.08 at 3:31 pm }

“Corrective Perspective”? I like that. It should be RDM’s tagline…

ROUGHLYDRAFTED MAGAZINE: Corrective Perspective.

The most contentious point of this discussion appears to be identifying the motives of everyone involved, which compels me to quote Grey’s Law:

“Any sufficiently advanced incompetence is indistinguishable from malice.”

22 Doxxic { 04.02.08 at 10:28 am }

“Any sufficiently advanced incompetence is indistinguishable from malice.”

That one’s brilliant. Makes me wonder if some politicians I personally loathe might actually not be going to hell…

You must log in to post a comment.