Well, I fired up one of the last remaining PPC boxes I could get my hands on and re-build the project under the old Xcode and for PCC only. The result are a not-as-pretty – but functional – 10.4 PPC build of DBCC Desktop (76KB compressed archive).

I moved the project back over to my Leopard box and compiled it as a Universal with a 10.4 target architecture as well. I did not have time to test the results on Tiger, but it works on Leopard. That one is DBCCDesktop10.4-Universal.zip (76KB compressed archive).

One reason for the failure of the previous 10.4 target was the use of the BWToolkit and HUD window. There were other incompatible project settings as well.

This is probably my last fiddling with a 10.4 compatible build.

If anything, I was able to savor the beauty that is Xcode 3.x having re-lived the horror that was Xcode 2.x. How did we ever build apps? :-)

Python on the Mac is a mixed blessing. On one hand, it makes app development much easier. On the other hand, it limits the deployment to OX X 10.5 (Leopard) unless you do some wrangling.

I made an Objective-C version of the "desktop widget" which is available for download now. Most likely, I will not update this version and I have not tested on Tiger yet. If you do test it and it does work (or fails miserably), please drop a note in the comments.

MacNN continues their inaccurate reporting trend for the week with this travesty of an article. They use Secunia as a reference to make the determination (albeit with a "?" in the article title) that OS X is less secure than Windows.

This type of journalistic faux pas is all too common when writers with no security background delve into what may be one of the most complex areas of information technology. When one sets out to determine the "security" (I prefer the term "risk profile") of an operating system it is inexcusable to rely solely on raw numbers culled from CVE (Common Vulnerabilities and Exposures) entries. Each flaw has:

• an exploit impact or severity (e.g. Denial of Service, Information Disclosure, ....) that explains what the potential damage may be if the exploit is successful
• an exploit vector (e.g. remote, local, requires user interaction, ...) that documents how the exploit will be delivered
• and an exploit likelihood level based on factors such as the difficulty level of crafting and delivering the exploit.

When combined, these factors form a fairly complex and partially subjective equation. Many large corporations spend an afternoon or morning once per month near "Patch Tuesday" mulling over such information to assign patch priorities to new Microsoft vulnerabilities. I guarantee that you will find disparities in the ratings lists that are produced.

Raw flaw counts and ratings only paint one part of the security picture. Head on over to SecurityFocus or any other reputable security news aggregator/publisher and you'll find that the documented trend is exploiting application security flaws and direct targeting of users via attacks such as phishing. These rise above the operating system level and do have an impact on Apple as well as Microsoft (and it's one of only a few areas where Apple bugs can impact Microsoft users). Even the oft referenced SANS Top 20 Security Risks continues to highlight program-related security issues over operating system ones. Excluding this information when attempting to make an "X is less secure than Y" argument is just plain irresponsible.

All consumer operating systems and related software are insecure (hey, we can't all run OpenBSD) and Macs will see their fair share of malware and other security-related attacks in the coming months as Apple's user base increases. This will and should change the security profile of OS X, but flagging it as being less "secure" than Windows just defies logic and reason.

MacNN is about two more cruddy articles away from being removed from my RSS list.