Subj : Re: macOS 26
To : Nightfox
From : tenser
Date : Fri Sep 26 2025 02:18 am
On 24 Sep 2025 at 08:09p, Nightfox pondered and said...
Ni> Sort of related and also not - Years ago, I had a job interview where the
Ni> interviewer asked me what I thought about Linux (I tend to like Linux).
Ni> He said he thought that since Linux is open-source, anyone could
Ni> probably go in and put malware into Linux; on the other hand, Windows is
Ni> developed by a small team of people who are paid (and thus motivated) to
Ni> make Windows a good and secure operating system. At first I didn't know
Ni> if he was trolling me, but I think he was being serious.
Supply-chain attacks are very real. The counter-argument would
be that, with open source and public code review, there is at
least the possibility of auditing code to find them. Without
knowing more about the engineering processes at Microsoft, it's
impossible to know just how susceptible they may be to such
things: maybe less, but maybe more, in that if an engineer can
bypass the review process and get a bit of code submitted into
a little-modified subsystem, it could lurk for years without
anyone noticing. The same _may_ be true of Linux, but it is
qualitatively different in that there would be no easy way for
someone outside of Microsoft to find it.
