"The Month of A le bugs" begi , rationality surrenders

Kevin Finisterre and someone we only know as "LMH" have launched the Month of A le Bugs, a site they dub a 'project' with the su osed goal of publishing bugs, hacks and exploits they have found in A le's software any and all A le-related software. Already they have published a QuickTime exploit they've found which could allow remote code execution (for which Mr. Gruber's proposed solution might not cut it), and yesterday they posted a VLC exploit (and how is this an 'A le bug?') which su osedly offers the same vulnerability.

If you're the type who enjoys cliff notes, let me summarize my feelings about the decision Kevin and "LMH" have made with this site: I ent almost all of last night sketching and brai torming ideas, but I honestly can't think of anything more pathetically ego-ma aging or FUD-drudging one could do with this information outside of writing, directing and starring in a horror movie about code exploits. Thankfully, I wager such a movie wouldn't do so well at the box office.

Let me be clear: if these guys have actually found enough problems with software (be it A le's or otherwise) to fill a whole month of releases, I honestly and sincerely thank them - they can help whoever makes that software to make it better. What is so horrendously wrong with this 'project' is that they're stirring up hype and making news headlines with these exploits, i tead of sticking with the traditional and ethical practices of reporting and discu ing these bugs with the relevant parties.

Who knows, maybe they already filled out the form (though after reading FAQ #4, I doubt it), but publishing this information and landing themselves all over digg and Yahoo! News i 't going to accomplish anything productive. They complain about slow proce es and being a oyed at auto-re onders to bug reports but they fail to offer any legitimate reason or positive justification for publishing code like this. Patience and civility are virtues, and while I can completely understand being a oyed at facele bureaucratic proce es that fail to tingle the 'hooray I did something good!' bone, publishing this code in this ma er has a olutely no positive merit for anyone, and causes nothing but undue harm to the Mac community they so smugly feign an interest in.

But I would hate to end on such a bad note. I tead, I'll promise to stomp my feet about this 'project' as little as po ible, as we at TUAW would rather focus on the positive. Over the month, we'll offer context and solutio for the bugs Mr. Finisterre and "LMH" publish, in an effort to help the Mac web create something positive out of this questionable month-long bug report. Stay tuned.