leopard

OS X (Leopard) Hidden Gem : OpenSnoop

Another post by me over @ TAB looking at opensnoop, a cool dtrace utility that lets you monitor file opens.

Lots of good stuff came with Apple incorporating DTrace into Leopard. Load the Developer tools to get access to Instruments.app for some GUI-DTrace goodness and poke around man -k dtrace for some command-line DTrace fun.

DTrace is great for developers, but it has some security benefits as well, which I'll hopefully get some time to explain in the coming weeks.

[TAB] Making The Move: “Must Have” Apps for Your Fresh Leopard Upgrade

If you're interested in what makes it to my MBPro post-Leopard, you can head over to The Apple Blog and read my latest post.

Quite the rabid followers of iStat Menus amongst the readers over there :-)

NOTE: Josh is much better at these serious article headlines than I am.

Morning Highlights

It's been a tough day so far, and I'm still recovering from the MacBook Pro open heart surgery (new 320GB HD + Leopard install + BootCamp/WindowsXP/EVE Online Trinity Premium Content install last night), but here are some odds-and-ends from this morning:

Finally, is anyone else thinking that Google may have to re-issue their 2007 Zeitgeist in light of the Bhutto assassination?

MacNN Editors' Egg Nog Consumption Increases With Disastrous Results

MacNN continues their inaccurate reporting trend for the week with this travesty of an article. They use Secunia as a reference to make the determination (albeit with a "?" in the article title) that OS X is less secure than Windows.

This type of journalistic faux pas is all too common when writers with no security background delve into what may be one of the most complex areas of information technology. When one sets out to determine the "security" (I prefer the term "risk profile") of an operating system it is inexcusable to rely solely on raw numbers culled from CVE (Common Vulnerabilities and Exposures) entries. Each flaw has:

  • an exploit impact or severity (e.g. Denial of Service, Information Disclosure, ...) that explains what the potential damage may be if the exploit is successful
  • an exploit vector (e.g. remote, local, requires user interaction, ...) that documents how the exploit will be delivered
  • and an exploit likelihood level based on factors such as the difficulty level of crafting and delivering the exploit.

When combined, these factors form a fairly complex and partially subjective equation. Many large corporations spend an afternoon or morning once per month near "Patch Tuesday" mulling over such information to assign patch priorities to new Microsoft vulnerabilities. I guarantee that you will find disparities in the ratings lists that are produced.
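The point about raw counts and rating disparities, as an added example that is not part of the original post: two hypothetical patch-review teams score the same constructed flaw list on impact, vector and likelihood. The flaw records, the weights and the multiplicative scoring model are all assumptions made for illustration.

```python
from collections import Counter, namedtuple

Flaw = namedtuple("Flaw", "ident product impact vector likelihood")

# Constructed sample flaws (not real advisories); os_a has more entries than os_b.
FLAWS = [
    Flaw("A-1", "os_a", "dos", "local", "low"),
    Flaw("A-2", "os_a", "dos", "local", "medium"),
    Flaw("A-3", "os_a", "info_disclosure", "local", "low"),
    Flaw("A-4", "os_a", "dos", "user_interaction", "low"),
    Flaw("A-5", "os_a", "info_disclosure", "user_interaction", "medium"),
    Flaw("B-1", "os_b", "code_exec", "local", "high"),
    Flaw("B-2", "os_b", "dos", "remote", "high"),
]

# Hypothetical weightings from two review teams (assumed values).
ORG1 = {  # weighs impact most heavily
    "impact": {"dos": 2, "info_disclosure": 3, "code_exec": 10},
    "vector": {"local": 1, "user_interaction": 2, "remote": 3},
    "likelihood": {"low": 1, "medium": 2, "high": 3},
}
ORG2 = {  # weighs remote reachability and likelihood most heavily
    "impact": {"dos": 4, "info_disclosure": 5, "code_exec": 6},
    "vector": {"local": 1, "user_interaction": 2, "remote": 5},
    "likelihood": {"low": 1, "medium": 2, "high": 4},
}

def score(flaw, weights):
    """Assumed model: the product of the three factor weights."""
    return (weights["impact"][flaw.impact]
            * weights["vector"][flaw.vector]
            * weights["likelihood"][flaw.likelihood])

def raw_counts(flaws):
    """Flaws per product, the number a headline comparison relies on."""
    return dict(Counter(f.product for f in flaws))

def risk_by_product(flaws, weights):
    """Sum of weighted scores per product under one team's weights."""
    totals = Counter()
    for f in flaws:
        totals[f.product] += score(f, weights)
    return dict(totals)

def patch_order(flaws, weights):
    """Flaw identifiers, highest score first; ties broken by identifier."""
    return [f.ident for f in sorted(flaws, key=lambda f: (-score(f, weights), f.ident))]
```

With this data os_a has more flaws than os_b yet a lower weighted total under both teams' weights, and the two teams disagree on which flaw to patch first.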

Raw flaw counts and ratings only paint one part of the security picture. Head on over to SecurityFocus or any other reputable security news aggregator/publisher and you'll find that the documented trend is toward exploitation of application security flaws and direct targeting of users via attacks such as phishing. These rise above the operating system level and do have an impact on Apple as well as Microsoft (and it's one of only a few areas where Apple bugs can impact Microsoft users). Even the oft-referenced SANS Top 20 Security Risks continues to highlight program-related security issues over operating system ones. Excluding this information when attempting to make an "X is less secure than Y" argument is just plain irresponsible.

All consumer operating systems and related software are insecure (hey, we can't all run OpenBSD) and Macs will see their fair share of malware and other security-related attacks in the coming months as Apple's user base increases. This will and should change the security profile of OS X, but flagging it as being less "secure" than Windows just defies logic and reason.

MacNN is about two more cruddy articles away from being removed from my RSS list.

Leopard Available for Pre-order

You can pre-order your copy of Leopard from Amazon from here:

2007 WWDC Impressions

We (Mary & I) just watched the 2007 WWDC Keynote in (almost) its entirety and I felt compelled to jot a few notes down (via Safari 3 on OS X Tiger).

  1. New desktop: first, what's wrong with a blue background? second, I hope there's a way to turn off the fancy Dock effects; last, the menu bar enhancements (though grainy in the video) seem decent
  2. Stacks: meh
  3. New Finder: meh (though CoverFlow is growing on me every time I see it)
  4. Spaces: gimme VirtueDesktops back
  5. BootCamp: the fast switch mode is very cool (need to look past the keynote for that info, tho)
  6. CoreAnimation: rocks!
  7. Quick Look: it's growing on me
  8. Network sharing: scary (from a security point-of-view)
  9. Time Machine: yeah, yeah
  10. Safari: best thing to happen to Windows and will be glad to see it gobble up market share
  11. iPhone: lots of folks pooh-poohed it today, but I think it's the most intelligent way to develop apps for the mobile, connected platform. It's *way* better than using some huge development environment to compile code that has to be "sync'd" and will enable far more interesting mobile apps than one might think. I just hope there's a way to have some local storage.

UPDATE:

I apparently forgot the WebClip/Dashboard feature. To that I give a firm "meh."
