John Gruber takes on Apple's recent security embarrassment. While his conclusion isn't exactly news, it can't be stated frequently enough that Apple's communication skills are next to non-existent.
Information coming out of Apple is scarce – I even thought it was above average for the X.3.4 update – for Apple's standards that is. And when there's information coming from the proverbial horse's mouth, it is often very vague. As John puts it:
Now, if you note Apple’s precise language, they actually claim no such thing. “Includes recent Mac OS X Security Updates” does not mean the same thing as “Includes all recent Mac OS X Security Updates”.
You see how we are quickly entering the world of nit-picking, covering your asses and lawyer speak here? That's not helping anyone. The bottom line is that if the way Apple choose to formulate things leaves room for interpretation and misunderstandings, it is their fault if people interpret and misunderstand it. Backing off with a 'but I meant to say' may be viable in off the cuff discussions but not for companies who are responsible to their customers (I know they aren't, but let's just pretend...). If you have to explain what you 'meant to say', you might have just said it right away.
In fact, it might do less harm if Apple just described their update with:
A few changes and fixes that we considered worthwhile.
That might be truthful and not promise too much.
So I fully agree with John. But the thing that'd interest me even more is how exactly Apple managed to ignore the problem for so long. I have experienced before that Apple's bug reporting facilities aren't up to the highest standards, but it's not really clear what is going wrong.
One explanation would be a lack of staff, i.e. Apple not taking the bug reporting seriously enough. If the numbers of bug reports are anything to go by, Apple received around 200000 bug reports in half a year. That's a lot to be processed and perhaps an important bug report just slipped by? David Hyatt mentioned that the sheer volume of bugs is intimidating and the analysis might only be 'statistical'.
Another point would be the quality of the bug report in question. Was the issue actually described intelligibly in the report? Even for the few bug reports I have received for my own software, there was a notable percentage of reports which I just didn't understand.
I still think the blame for all this lies with Apple, but a bit more openness on their side might lead people to regain trust that Apple actually know what they are doing. If they don't, we'll just have to assume the opposite.
Some music to finish.