by smoldesu 1096 days ago
It's not the same. There are definitely people who try to exploit both OSes, but the conversation around securing them couldn't be more different. macOS is developed in the "Cathedral" style - closed source, with a small group of contributors who assume responsibility for everything (including security response). Linux is developed in the "Bazaar" style, with patches being freely distributed and incrementally contributed by the community for each release. This represents a fundamental change in how security is handled; Linux can merge a fix as soon as it's available and passes review. Mac issues must be reported by a user, passed to an Apple engineer, located in the codebase, fixed, and then reviewed before they can make it into a Rapid Security Response patch. Apple's system is less transparent, often slower, and overall more convoluted than developers and users pointing to the spot that's broken.

I want things to work this way, but often they do not. Often what happens on the Linux side is that the security patch, if any, gets silently put into the tree without disclosing that it's a security patch, and downstream never pulls it in. There have been numerous instances of kernel maintainers asking people to water down their commit messages so they don't sound as bad as they are :/

This doesn't mean Apple does everything right, of course, but the situation on the other side frequently sucks too even though it nominally should not. And given various choices in their ecosystem (lack of fragmentation, for example) they can and do end up with a better security story in some areas.

Definitely, there are pros and cons to each process. They are markedly different, though - Apple wants secrecy, whereas Linux demands transparency. Sometimes patches are rejected or ignored, but transparency is never compromised. This gives insight into how patches are accepted or rejected (e.g. the Paragon NTFS), information that isn't public in Apple's process. The separation of users and "blessed" developers remains an enormous roadblock to effectively scrutinizing and quickly fixing Apple's software platforms. It offers some protection, too, but it is a night-and-day difference from how things are handled in the Linux world, dysfunction and all.