Tiger is GO!!!!!!!

[Viro]

No, that's a big difference as libc is open source and I can replace it, change the source code or whatever I want. I can't just disable or edit some webkit functions. And as there are some security issues with the webkit all apps that uses it are vulnerable and I can't change this without breaking allthese apps. And waiting until Apple closes these holes is like hoping that Microsoft gets Windows fixed.

Yes I agree, libc is a very rudimentary library, that only provides ANSI C routines. A more serious example would be trying to replace KHTML on KDE with ... something else like Gecko, or getting Firefox to use KHTML instead of Gecko. It's not easy, and you'll break loads of stuff. What specific problems do you have with WebKit that make you want to disable it so much?

Just take the (very easy to fix) mRouter vulnerability. This one is a really huge hole with exploits available for download. And I KNOW that this already got exploited in some schools to modify/look at files as 'root'. If Apple would provide the sources everyone can fix this but so the only thing you can do is remove the suid flag or remove mRouter completly. And to make it even better I 've got a working trojan on my testsystem that exploit this (for over 2 month unfixed) and automatlically send itself to every mail address it can find in any users addressbook.

It's a local exploit. At best, you can write a trojan for it, and trick the user into running it. That's very different from a virus. No OS is safe from trojans. It's trivial to write an app that tricks the user into typing in the administrator password. Not so trivial to write an app that replicates it self _without_ any user intervention (key trait of a virus).

A fix has been provided if like you said. So what's the big deal? As it is, it looks like you're throwing the baby out with the bath water. Trojans can be made for any OS. I think you may be over reacting, but what do I know...

EDIT: This has really gone off topic though...

 

[fryke]

Well, to each his own. There's linux for your Mac. Also, you can actually _choose_ not to use WebKit. Use Firefox. And Eudora for E-Mail. And an RSS-reader that _doesn't_ use WebKit (so no NNW2). Problem solved. Dashboard? Just disable it. It's easy. You could probably even safely delete it if you find the right files, but why the heck would you actually _want_ to?

Don't get me wrong: I agree that Apple sometimes seems a bit slow at fixing security holes, even if they're local ones only. (Remember that once you have a hole through which you can login, you're basically a local user. That's often forgotten. I.e. once you can ssh into the box, you're a user there.)

But this hasn't got anything to do with Tiger in my opinion. At least not directly. Apple has to appeal to more than just security geeks. As long as Mac OS X is more secure than Windows and linux (and FAR easier for the average user to control and get fixes, since John Doe probably doesn't want to recompile a kernel or even "just" some library or mail client with newer patches - and on linux the alternative is waiting for RedHat to release a patch through SU, just like with Apple...), I think I feel safer "over here".
At first glance, things like Dashboard might look like "gamers' stuff" to you, but it's actually a productivity tool also - just do what YOU like with it (in memory of Konfabulator...).
And Spotlight: While we hear from all around that people want to introduce search like this to other platforms, Apple is the one who _started_ this and was in the right position to do it right. And they did. (Although it _really_ pisses me off that I can't look for parts of files' _NAMES_ easily anymore...)

 

[rbuenger]

. It's trivial to write an app that tricks the user into typing in the administrator password. Not so trivial to write an app that replicates it self _without_ any user intervention

The problem here is that thu user don't need to give any password. It gains root just by using mRouter. The script just need to be started. And 9 out of 10 test persons (that got a dummy executable from me) opened the app (they believed it's a folder as yeu just need to change the icon). Of cause this is trivial but 90% of the testusers opened it. And than it just get root and hide in the background. Any normal user just can't find or even delete it. And the fact that it easily got root isn't good. Who knows if not 100 apps out there already include such an 'addition' Most users would never notice this.

And yes, I've already deleted all these apps and the webkit etc. You just can't use most apps out there aften this. And I'm not using Firefox or Eudora for security reason too. Ok, FF is a lot better than most others but I love iCab 3 and Mailsmith.

And I've just seen some benchmarks Tiger<>Panther. And Tiger lost most points important for me (disk, threads, cpu). And that's compared to a full blown 'normal' Panther not the optimized xnu kernel without all the needless extensions. So there is absolutly no reason to get Tiger for me. And I would never again pay more than $100 for any OS.

(Although it _really_ pisses me off that I can't look for parts of files' _NAMES_ easily anymore...)

Why can't you do that? Just searching for apart of the filename? Just use locate (or find if you haven't updated the db). For example: locate PartIKnow | grep html$

 

[Viro]

I think he's more interested in completely removing WebKit, which AFAIK is not possible.

 

[fryke]

Why I can't do that? Well, I can. But I'm not interested in working in Terminal.app when I'm trying to use Finder to organise stuff. Basically, they've just removed finding for filenames (or parts of 'em) from Finder's find facility. Not good. (Sure, you can enter a word that would probably be _inside_ the document, too and then refine the search by part of its name, but that's MUCH too much hassle. They simply shouldn't have removed the 'easy' looking for filenames but have it as an alternative to searching for content.)

 

[fryke]

btw.: don't get me wrong, it _still_ finds the items which only have the word in the filename/foldername, but if i'm really just looking for a HTML file i know its name (for example: "special") of, i'm not interested in finding any PDFs who happen to have the word 'special' in their text somewhere. And the file/folder names don't seem to be top-hits. The name doesn't count more than the content in Spotlight. :/

 

[Viro]

I thought Tiger gained points for most areas, CPU, threads, memory, UI, OpenGL. The only exception is the disk, since that's quite obviously hardware limited (unless Tiger makes the hard drive spin faster, which is quite unlikely ).

Well, that's true for the G4 anyway. I'm not interested in the rest as I don't use them.

 

[Pengu]

ok. you are complaining about other users opening a test trojan that you wrote. you are complaining about apple bundling a lot of features for no extra cost. you are complaining about "we added 1% performance" and yet you feel the need to hack/re-compile a "optimized xnu kernel".. if you are a real security geek, you'll know the only way to REALLY secure your system is unplug the network/modem cable and use it as a standalone machine only.

sounds to me like you're complaining because apple isn't taking the Linux approach, and letting any tom dick or harry write code for them, which results in the wonderfully confusing UI experience that is ANY and ALL linux GUIs.

if you are using the terminal to find files, why not use Lynx to browse with and use OSX in CLI only, by logging in as ">console" from the login screen. No more webkit. no more iphoto. no more ANYTHING that is specific to apple (except the computer itself or course) if you don't like OS X, don't use it. run BSD. Linux. or the bastard child Windows (which you seem to embrace a little too much for someone complaining about security holes and ability to remove software.. if you "remove" half the stuff in Windows, it just deletes the shortcuts in the Start menu)


anywho. that's my bit. personally, i'll be getting Tiger, iWork and iLife (all at EDU discount thank you very much ) at the end of the month : )