MacTel: 22 Kits, 161 patches - so far


Summary: I still recommend MacOS X as a great Unix desktop: but now it's just about the software - the fashion appeal, the quality, performance, security and cost advantages, are all gone.


I get accused of being very negative about Apple, but I'm not: I think Apple's Intel decision was the worst choice they could have made in reaction to IBM's failure to deliver on its promises, but I continue to recommend Macs to friends and colleagues.

What makes a Mac isn't the hardware, but the "user experience" - basically the combination of hardware, software, and the cachet many people see in owning a premium product instead of a run of the mill PC.

At the moment, therefore, I think Macs are still the right choice in situations where the alternative is to buy and use Wintel, simply because Apple's software is far better.

The other two factors, however, are history. First, x86 hardware is just that: x86 hardware. The quality and performance premiums that went with PPC are gone - figuratively in terms of personal differentiation (aka "fashion") because you can't tell a Dell from a Mac without a label, and physically because one of the numbers hidden in that 10-Q I quoted yesterday shows that Apple increased its warranty reserve by 31% per unit sold over the same period in which it converted from PPC to Intel.

Secondly, part of the Mac's appeal was based on the perception that it was a better, more secure, machine used by smarter, more successful, people. Now in that context a one-third increase in warranty claims doesn't demonstrate strategic failure, but x86 hardware is just x86 hardware, and if the MacTel decision leads to the loss of Apple's appeal as a fashion accessory the company could be in real trouble.

For example, the iPod and related lines are "mission critical" for Apple, but while iPod and iTunes sales are thought to be still growing, the momentum has clearly gone out of the market, with neither product meeting volume targets set last year. Why? In my opinion because these are fashion items, sold on the basis of the "cool" halo conferred by the Apple brand rather than on genuine competitive advantage - and the MacTel decision has, despite unusually intensive Apple advertising, started to dissipate that halo.

Ultimately such halos reflect product quality in use - an Armani suit really is better than the off the rack stuff you get at big retailers, but Apple's x86 hardware is just the same as everyone else's x86 hardware, and that's a problem.

In the context of PC security, for example, Apple used to get a lot of value from the reality that people buying Macs could pretty much forget about that whole PC "security" thing.

But, with MacTel, they can't. Apple has a serious security problem - issuing 22 official patch kits covering 161 publicly reported vulnerabilities over the last year.

(Note that Mitre lists only 105 Windows/XP security vulnerabilities for the period but I don't know how that actually compares to Apple's experience because none of the counts involved, and certainly not Microsoft's, are excessively honest.)

Notice, however, that the key indicator here isn't how many patches they issued or how many vulnerabilities were reported, but the change in Apple's behavior with respect to those problems. In the PPC age, Apple took a legalistic approach to attackers, but a fairly relaxed approach to dealing with any actual problems found in the code: fixing the source for the next release, but producing downloadable patches only if the vulnerability drew a lot of publicity.

That's changed dramatically: now Apple responds to each new vulnerability with an emergency patch users are expected to install right away.

What happened? Simple: with x86 a vulnerability amounts to an exploit, with PPC most vulnerabilities are practically unexploitable - a phenomenon whose consequences you can see in the Solaris/SPARC world too where the popularity of Solaris for x86 has led Sun to introduce a slew of automated patch management tools that were previously unneeded.

So what's the bottom line? I still recommend MacOS X as a great Unix desktop: but now it's just about the software - the fashion appeal, the quality, performance, security and cost advantages, are all gone.


Topic: Apple

  • Rudy , for once...

    I am inclined to agree with you. I am not so sure about
    the reason for ditching IBM's p970 chips. Although power
    consumption was touted as a reason when you look at the data
    on IBM's website regarding the power statistics you see
    that the p970 consumption was not really that high. I think that
    it was a political move made to look like a technical improvement.

    Still I think moving to sucky x86 architecture was a bad
    move technically but from a business point of view it
    seems to stand up at least on paper.
    • Dead ends

      IBM did not want to support G4/G5 anymore. They had big new customers with M$ for Xenon and Sony for Cell, and they are moving toward P5/P6-type of specialized processors. Having to support a dead-end chip line that has limited sales support is something they didn't want to do.

      Too bad Freescale's future was so shaky when Apple made the x86 decision. They could have met Apple's needs for low-power chips.
      Roger Ramjet
      • I disagree

        The p970 is half a POWER4/5 chip and IBM make their own
        blade servers using this chip. The open power initiative is a clear indication that IBM want
        to grow this architecture across the embedded/workstation/server
        space. Freescale is actually in very good shape at the moment
        and were in good shape when Apple went x86. It was when Freescale
        was still part of Motorola that things were bad. Motorola is
        really a contender in the embedded along with MIPS and ARM.
        They could not get the clock speed above 2Ghz in the G4 and
        Apple had to put in x2 1.42Ghz chips to compensate.
        Although the Motorola chip was WAY more power efficient
        Apple felt that with new P4's sailing toward 3Ghz
        they fell out with Motorola and went to IBM.
        Apple is not really worth it for Freescale.

        This company could potentially make
        the ultimate power to speed ratio PowerPC chip on the planet.
        It won't happen but if apple had partnered with these guys
        a while back, who knows....
        • Power5

          IBM's direction with Power5 was to incorporate mainframe-like abilities into the chip design. Things like "hibernate mode" - where you populate servers with extra chips and then turn them on with activation codes ("on-demand" computing) is great for servers - but totally useless for a mac. IBM was not interested in making CLIENT chips - unless they can sell them by the million (Xenon and Cell). Apple never bought that many . . .
          Roger Ramjet
          • Umm...

            Apple never bought many? Apple never bought any.
            Read this..
            Apple were not using the wrong chip. I agree that Power5 is not
            a good match for Apple but p970 is what was used and it does
            not have a lot of those high end features. It was a good match
            but I think Apple tries to steer the development of the CPU vendor
            and ultimately the whole thing turns sour, just a guess.
  • Have you narrowed it down

    to what exactly about x86 makes it so "bad"? Is it CISC vs. RISC (are there ANY other CISC chips around anymore?). Is it backward compatibility = old, unpatched openings? Is it immature software? If you ported VM or VMS to run on x86, would you see those same problems? Just what are the factors that drive this issue?
    Roger Ramjet
    • lots of partial answers

      1 - NT 4.0 was iVMS (3.51 was an attempt to write a new version of VMS). I'm not aware of a VM port.

      2- x86, today, consists of a RISC core with a CISC shell.

      3- one problem is that the separation between executive mode and run time is easily broken. Another is that the design is simply old - predating knowledge about how to make hardware difficult to subvert. Third, one problem with maintaining backward compatibility for code is that you also maintain it for bugs and attack vectors.

      4- one effect of years of x86 attacks is that there's a large library of proven exploit code. Thus people finding new vulnerabilities typically don't have to invent their own exploits - they can grab one off the shelf, make minor changes, and release it on the web with the result that kiddie clickers who wouldn't have the beginnings of a clue on how to exploit a code vuln for sparc or ppc applications can, and do, take advantage of new vulns found in code for the x86.
      • that's funny

        that's funny since the majority, if not almost all exploits have nothing to do with the processor itself.
  • Vulnerabilities are OS based

    The Macs running on PPC with OS 9 were full of holes and regularly attacked. The strength of Apple security is OS X and its Unix base. Nothing to do with running x86 chips.
    As has been stated, IBM was not interested in the low volume market represented by Apple, and would not develop chips fast enough for Apple to compete with AMD and Intel. After a long wait for G5 laptops, Apple had no choice but to make the move.
    While there is no real loss of security (the increase in patches is more related to Apple's newfound visibility), the move to Intel has given many people stuck with MS Windows the confidence to try a Mac. Most have never looked back.
    • Where are the facts ???

      The Macs running on PPC with OS 9 were full of holes and regularly attacked. How can this be with such a small market share ??? Since OS X has a bigger market share than OS9 ever did and it is not regularly attacked.
      • Not a market share issue

        I once reviewed over 1000 certs in detail - and found that the exploit driver was more likely to be ease than market share.

        The issue is simply this: for a working attack you need two separate things:

        1- a code vulnerability; and,
        2- an exploit.

        Code vulnerabilities are independent of hardware, but exploits depend on hardware. Over time x86 design weaknesses coupled with libraries of exploit code have meant that step one is hard but step two is easy. With PPC step one is hard, but step two is even harder.

        That's why x86 vulns usually have exploits and thus become attacks while sparc and ppc vulns usually attract press coverage but have no exploits, no attacks, and no victims.

        Bottom line: it's attacks, combinations of vulns plus exploits, that count, not vulns by themselves.

        In PPC/SPARC this means vulns aren't a good measure of system weakness, while in x86 they are.
      • The Big Lie

        Ah yes, the big lie rears its ugly head again - The reasoning that POPULARITY ALONE is responsible for the many attacks against M$ products (or OS9/OSX in this case ...). I like Murph's response - please take a look.
        Roger Ramjet
  • Moving to a new platform

    Couldn't some of the issues simply be the growing pains of switching to a new hardware platform? What level of patching was required for Apple's OS when they moved from 680x0 to PPC, for example? Then again, maybe not a great comparison, given the growth in the internet and sophistication of attacks, the situation faced by the newer platform is a lot tougher.
    tic swayback
    • Oh there was plenty . . .

      but nothing to do with internet attacks, as the 'net was barely known to many at the
      time. Yeah, those patches were for OS issues. God knows, I installed them all from
      the CDs on the mags.

      As far as OS 9 being attacked is concerned, -- what, what, WHAT? I have NEVER
      heard of anything like that happening in my professional experience in networked
      environments. That goes for OS 8x and 7x.

      I will add, I too think it was a mistake to leave the PPC state.
  • Adult vs. child

    An adult realizes when the train has left the station. The child continues to whine
    about why they can't ride the train.

    Just in case you don't get it: The train has left the station.
    • reality vs the emperor

      Yes the train has left, but doesn't mean I should get aboard - or applaud those whose willingness to do so demonstrated their own total fecklessness.
  • What performance benefits???

    You keep at the PPC performs better mantra - without facts. Check the SpecInt and SpecFloat and other benchmarks again. Also same source code compiled and optimized run on the two PPC and x86. x86 wins! Not by just a little bit but by a large margin. I'd need to check again but I think AMD beats PPC too. I checked this all last week.
    • anachronisms and code

      is a 3.6Ghz Xeon (ca 2006) faster than a 1.5Ghz G4 (ca 2003)? Duh..
      is x86 optimized code casually recompiled for a G5 faster on x86? duh..

      but check out:

      Cell vs 86: 10 to 100 times faster
      Xenon vs x86: 5 to 10 times faster
      e600SOC vs x86: 8 to 30 times faster
      power5+ vs 86: 3 to 8 times faster

      Comparable code, comparable time frames... PPC beats x86 by factors ranging from 3 to 100.
      • G5 5 Gflops per core Woodcrest 9.6 GFlops per core

        Not theoretical - measured.
        This is the 970 G5
      • not really true though

        sure, can be 100 times faster, can also be slower... you just keep going by specific benchmarks made to purposefully make the chip you like look faster. You've really started believing the fixed benchmarks...