That one’s brilliant. Makes me wonder if some politicians I personally loathe might actually not be going to hell…

ROUGHLYDRAFTED MAGAZINE: Corrective Perspective.

The most contentious point of this discussion appears to be identifying the motives of everyone involved, which compels me to quote Grey’s Law:

“Any sufficiently advanced incompetence is indistinguishable from malice.”

I do think Daniel is most effective when he can have some fun with the foolery, rather then get hooked into it.

Suggestion: Don’t fuel the fud.

As nuanced an explanation as I’ve heard. Sounds just about right. Many of the circular arguments going on in tech, just like any other field, are actually as Paul Graham described in Daniel’s link:

“unfortunately it’s common for counterarguments to be aimed at something slightly different. More often than not, two people arguing passionately about something are actually arguing about two different things. Sometimes they even agree with one another, but are so caught up in their squabble they don’t realize it.”

That’s definitely my experience with Windows using friends who wallow in self pity whenever their systems go horrifically wrong, yet leap back in glee with tales like this on the web. Everyone has their motives. Some of these are in truth more psychological than cynical.

OS News focuses on the technical qualities of the OSes and the intrinsic fairness of the testing procedures.

RD focuses on the real world security of the OSes and, in relation to that, the unfairness of how the testing outcomes will affect the OSes reputations.

Like a real tech geek, Holwerda seems to remain blind to Eran’s perspective, countering Eran’s arguments with arguments that underline the test’s intrinsic qualities, while missing the point of Eran’s comments, which is that the test outcomes suggest that the Mac is less secure than the PC, while in the real world the opposite is the case.

Eran, on his turn, can’t imagine that Holwerda’s is enough of a naive tech geek to be blind to that, and suspects that the test has been set up the way it has deliberately in order to generate a newsworthy outcome, resulting in extra pagehits for OSNews.com.

Personally, I think Holwerda’s motives contain a bit of both.
I think his geeky curiosity for the intrinsic security of the various OSes is sincere. It fits with the nature of OSNews.com in general.
But I don’t think he’s truly totally unaware of the way he contributes to a false perception of the various OSes’ securities and the extra pagehits OS News gets this way. I suspect Holwerda just tries not to think about it.

Many reports pointed to the outcome of the contest as suggesting that Mac OS X lost the contest. Here is a sampling of headlines:

“Apple is loser in three-way hacking contest” — by Robert McMillan, IDG News Service posted on TechWorld
“Security Showdown: OS X Caves First, Vista Buckles (Due To Flash), Ubuntu Wins” — InformationWeek
and of course,
“Apple is loser in three-way hacking contest” — by Thom Holwerda of OS news
(notice how this title resembles the one by McMillan)

The purpose of this charade is to block the adoption of Mac OS X in corporations. Recall we have read pronouncements against adoption of iPhones in the corporate environment already.

The claim goes like this:

As this contest shows and as claimed by the Swiss researchers, Mac OS X is less secure than Vista.

The inferred conclusion:

Therefore companies who are considering (as they should) an upgrade from Windows XP should consider Vista, since it is more secure than Mac OS X.

Why is this a conspiracy? Easy!

If it weren’t, we would be reading articles claiming Vista remains a major security concern and corporations are advised not to embrace it, given that it was compromised after two days by a hacker who did not even expect to be going up against the latest security update (SP1). Since Apple, by their own admission are not yet ready to target the enterprise, and they lost on the first day, we cannot recommend them either. However, Linux was the clear winner of the contest, and did not even pose enough risk to warrant attention by the Swiss researches. Therefore all enterprise customers are advises to drop any plans to move to Vista and instead embrace Linux across the board on the Server and the desktop.

Sadly, I have not come across a single article heralding a new age for Linux as a result of this contest. But there are plenty pointing out the failings of Mac OS X security compared to Vista, which also was hacked nevertheless.

My favorite articles of yours are the ones where you bring together context, knowledge and insight to give your readers a clear view of Apple technology and a compelling vision of the future. While I think your articles that expose stupidity, misinformation and sophistry are important and interesting, I feel these are sometimes more incendiary than necessary and have a tendency to raise issues that distract from the essential points you’re trying to make.

I thought this was the case with your CanSecWest deconstruction. Your essential point is that this contest has no correlation with real-world experience with security issues, and yet the media will inevitably report it as if it does. This makes the contest a good vehicle for MS and its apologists/enablers to use to manipulate public perceptions.

You present a set of detailed arguments to develop this point. Thom Holwerda clearly has a strong bias in his worldview and I agree that he didn’t address your essential points, but I also think he missed the essence among the details he was reacting to. In fact, I thought that your response to some of Thom’s criticisms significantly clarified your article, which suggests to me that you could have been clearer to start with. For example, I initially misunderstood what you were saying about the market for Windows security exploits: you were just making the point that it’s bigger because Windows is a significant and easily exploitable real-world target, not merely because it is the largest target. This is clearly true about Windows in general and a strong criticism of taking the results of the contest seriously, but it’s much less obvious that this directly influenced the behavior of contestants. Are they all involved in that market? Is Vista significant enough and easy enough to exploit that there is a big market specifically for Vista exploits?

Similarly, I thought that Thom’s point that it was Apple that left a known and exploitable bug in their own Webkit (and so any delay in patching it is entirely their fault) is a perfectly valid criticism, but the real issue seems to be how quickly a fix needs to be disseminated to avoid having a platform become an attractive target for exploits. So far the empirical answer seems to be that Apple is acting fast enough.

According to the CanSecWest organizer, he came up with the contest in 2007 because of Apple’s little or no participation in the security community, Apple putting pressure to remove scheduled topics on Mac security flaws, and Mac ads which make users think how secure they are. He said when it comes to Mac security, users have their heads in the sand as usual.

3. “The contest prominently focused attention on the brand name of the MacBook Air.”

The prizes were three desirable ultra-portables to give incentive. Ubuntu was on a nice 11″ Sony VAIO costing about $2,200. Vista was on 6″ Fujitsu UMPC costing about $900. And of course, MBA costing about $1,700.

I’d say the OSNews guy made a good point that Ubuntu has a small userbase and that a Ubuntu desktop hack is worthless. The contest focused on client OSes. A Linux hack for the server-side might be worth something, but not for the client-side. So the contest prize of $5,000-$10,000 and a nice $2,200 VAIO is enough incentive.

Political reason to hack Ubuntu? Ubuntu is the most popular desktop Linux by far. It is a threat to Microsoft’s desktop and a lesser extent Macs. Microsoft being one of the many sponsors probably would have liked to see Ubuntu hacked as well. From the 2008 PWN2OWN results, Ubuntu was the last standing and winner. Tell Microsoft to send some better Ubuntu hackers next year.

Instead of trying to make Macs seem invulnerable, which they aren’t - but then again, nothing is invulnerable with a stupid user - they should just show the facts, and the fact that security flaws are few and far between.

That’s why it’s such a media sensation when a flaw is found, because it’s so rare.

I don’t get what you’re saying. Sensationalism like this affair would be un-newsworthy if Apple did X? Define X.