Mac OS X 10.2.8 Update, Take Two
javaxman writes "OS X users will find Mac OS X Update version 10.2.8 is available via 'Software Update'. If you did not install the previous 10.2.8 update, the size of the new update is 40.6MB. If you installed the previous update, the size of the new update is small, ~680K... if you can connect to the network, that is. Clearly you get different downloads depending on what you did with the previous 10.2.8 update. Apple Knowledge Base article 25524 has the details. It looks very familiar. I'm installing mine right away, how about you?"
In the immortal words of George "DoubleYa":
"Fool me once...shame on you....
Fool me twice...umm....
Shame..on...Shame...on...
Well you're not gonna fool me again..."
I'll wait for some other people to install first..
I'm installing mine righ
[NO CARRIER]
/* oops I accidentally made a comment, sorry */
I don't want to start a holy war here, but I was really scared that 10.2.8 ate my battery life for good. I'm so happy to see the familiar 4h+ is back (battery is about a year old; iBook 800 12").
Perhaps, if SSH and Sendmail were enabled in a default install, you might have a point.
> If you installed the previous update, the size of the new update is small, ~680K... if you can connect to the network, that is.
Well, you could always put it on a floppy di....damnit.
Well, maybe Apple has once failed to manage to do the grunt work for you in a timely manner. If I recall well, most other security holes had been addressed very rapidly in the past. This particular one tanked because it was rolled out as part of a buggy overall update. Big deal. That security hole existed on a service that is not enabled by default. And unless you are an Xserve customer with a valid, active support license, Apple doesn't owe you shit. Complain all you want. But if you enable "remote access" from your control panel, you should have a minimal understanding of the risks it presents and be prepared to cope with potential security issues, and unless you pay Apple, be prepared to wait for a patch.
But you see, in the end, you still benefit from Apple's original architecture decision for the core of their operating system: An open-source operating system. Full disclosure as to where the bug lives. As you said it, even the OS X server people had to remove the system-installed version and compile their own to not be vulnerable to Denial of Service attacks.
Be GLAD you were able to do that. Systems administrators who maintain production-environment servers have had OPTIONS as to how to deal with this situation, based on priorities. Sure it would have been nice to let Apple do the work for you. But hey, if you maintain something of importance, you'd better know your way around the operating system you maintain. But since those are all open-source components, chances are there were about 892739847238974 other people who had found a workaround and/or a solution to your problem within hours of the vulnerability being found, and chances are a good chunk of them have shared those solutions with the community at large.
There is no such thing as a secure operating system. A secure operating system is not connected to any network and doesn't otherwise interact with anything or anybody. Security is a frame of mind, procedures and processes surrounding the usage of computing facilities, and does not exist in an absolute form. Certain practices and philosophies allow administrators to build systems that are more secure than others. But it is all relative.
Take an off-the-shelf Jaguar installation, install it on a Mac, then run nmap on that machine. How many ports will you find open? ZERO. NONE. NADA. ZILCH. Not one. Why? How many will you find on Windows? 5 to 10 depending on which flavor you're installing.