
I've been an Apple & FreeBSD user for decades and it really looks to me like Apple is coming up for a long cycle of public and embarrassing security failures because of this...

Or perhaps I should say, I don't think Apple is going to either update the lagging GNU utilities to current or put forth the effort to migrate to current BSD alternatives until they have a protracted public shaming which demonstrably impacts the bottom line of iOS sales. Which sort of reminds me of what MS went through before they started taking security more seriously. (I haven't used Windows in years, so I can't really comment on the state of MS security today.)

Which is a shame, because there is a lot of opportunity in the eddies of GNU, BSD, and Darwin. We all could benefit from an Apple-sponsored, security-focused FOSS code review / bug hunt / development effort. Sort of like what Google does, only focused on security.




I don't think that is the case; there won't be a requirement for public shaming. Apple is already removing more and more GPL-licensed tools each release cycle, and it won't be long until they are using more up-to-date BSD-licensed tools.

Also, one thing I have noticed is that Apple has started reacting faster to security threats and is at least willing to acknowledge the researchers behind them in their updates, which is much better compared to what previously happened. Not only that, but before Lion was released many security researchers received an advance copy.

The other thing is that almost all of the GPL utilities are command-line utilities and are not shipped with iOS, so even if there are vulnerabilities in them it is highly unlikely that there will be a target painted on iOS's back. I don't foresee that there will be any major impact on their iOS product line.


Actually, what I was inferring is that the rate of migration from older GNU tools to current BSD tools and the rate of response for security issues would combine to create a series of security failures in Mac OS. If that went on long enough and is publicized enough, it will affect iOS simply by guilt by association.

Certainly I have also noticed a slight improvement in the way Apple handles security problems, but I don't really think it's an adequate response. More importantly, I have the general impression that long term Apple is moving away from Mac OS & workstations and towards iOS & devices. So them ignoring Mac OS problems or becoming slower to react to them would not really surprise me... at least until people started to view iOS in an equally negative light because of it.

In any event, I honestly wish that Apple would maintain a larger presence in the FOSS community and put more effort into a more positive two way relationship.


> In any event, I honestly wish that Apple would maintain a larger presence in the FOSS community and put more effort into a more positive two way relationship.

With respect, I think that what you really mean is that you wish they would have a greater presence in the FSF-adherent "free" software community. Their credentials in the open-source world are pretty well burnished: Bonjour, Darwin, WebKit, LLVM and Clang, and so on. They do not, however, care much for the GPL, and I do not blame them.


Apple have always acknowledged whoever found any exploits in their OS. It may not be in the update docs, but it is in the security-announce mailing list Apple uses for all updates that have security fixes: https://lists.apple.com/mailman/listinfo/security-announce


> I've been an Apple & FreeBSD user for decades and it really looks to me like Apple is coming up for a long cycle of public and embarrassing security failures because of this...

Apple isn't going to allow Mac OS X security to degrade. Apple does a lot of behind-the-scenes activity with security that they don't talk about much.

Every Mac OS X and iOS update addresses many security vulnerabilities; here's the list for 10.7.3 as an example: http://support.apple.com/kb/HT5130


I only use Linux on both server and client, and I am happy to have had a consistent development experience for 6 years.

I am interested why just Apple or just FreeBSD isn't enough for your purposes. Why do you need to use both? Just as a hobby, or does each have a special use case?


Personally, I use FreeBSD for anything that's headless, and OS X is the only OS I'll touch for a desktop. FreeBSD makes for a fantastic, consistent experience for servers of all kinds, and OS X has everything I could want on a desktop. (I do still use Boot Camp occasionally for games, but that is getting rarer.)


But the question is, why can't you use OS X for server and BSD for desktop?
