Maybe an exploit contest could be started after each browser revision, where winning submissions must be exploiting a bug introduced by that version of the software.
Would you mind clicking this link...
On the Apple, I run Security Update habitually. What software for virus scanning, additional protection do you recommend?
By the folks who go to CanSecWest, anyway.
But every time I fire up Firefox my entire body cringes at the sluggishness. For many Mac users, myself included, this is going to be a real test of discipline.
And I use the Grapple Delicious theme (very mac like): http://www.takebacktheweb.org/
The problem is that Firefox isn't much slower, but it's noticeably slower, so it's tough to complain about but very irritating.
/me ponders how secure lynx is
(I used to sell Next software for about 6 months and got to use a NextStation every day. Very cool - later at another company I got to speak with the GUI designer Keith Ohlfs and personally thank him for the best computer experience I ever had.)
For instance, NextStep's POSIX interface was broken and thus, Next was not able to compete against the then-very-inferior SunOS in government contracts (because POSIX compliance was a requirement).
Instead, Next did win in CIA/NSA and other exempt contracts where the solution was considered to be "custom" and thus didn't have to follow the standards.
It probably would have taken a competent Next programmer a few weeks to fix the POSIX layer - but since POSIX was viewed as "dumb" it was never made a priority.
Apple is letting some of the boring stuff slip - which is a danger sign. Programmers at Apple can't all be programming the cool CoverFlow stuff and ignoring the "guts".
He said in his reply (and I wish I could find it) that POSIX compliance was a big deal for OS X, and part of the reason why so much of the FreeBSD userland was being used (I was also involved in some parts of FreeBSD at the time - there was a whole initiative around making it fully POSIX compliant, way before any other free UNIX).
I knew some of the history with Next and POSIX, your comment tied the story together for me. It does show that Jobs learned his lesson when he went back to Apple.
Now more on the topic at hand. Apple need to handle security issues better. Not just in terms of disclosure but in response times and communication with the industry. You don't see many/any Apple reps at the major conferences, and no engagement at all. It was always generally known within the industry that Apple owed much of its OS X security to the fact that it just wasn't a big target. The commercial UNIX releases and Linux were targeted because they ran the world's servers, and Windows was targeted because it was the world's desktop. Now with OS X gaining market share they are getting more attention from sec experts and hackers.
Microsoft reformed their security policies back in 2000, after IIS 4 had a horrible run and the Code Red worm ran wild. Many top security and secure coding experts went to work at Microsoft at the time - it was a major shift (implementing security checks in every step of the dev process across the whole company). Apple have only had to do this more recently, and they haven't really perfected it.
They surely tested them all ahead of time, so why did anything take any longer than a few seconds?