Kevin Finisterre and someone we only know as "LMH" have launched the Month of Apple Bugs, a site they dub a 'project' with the supposed goal of publishing bugs, hacks and exploits they have found in
Apple's software any and all Apple-related software. Already they have published a QuickTime exploit they've found which could allow remote code execution (for which Mr. Gruber's proposed solution might not cut it), and yesterday they posted a VLC exploit (and how is this an 'Apple bug?') which supposedly offers the same vulnerability.
If you're the type who enjoys cliff notes, let me summarize my feelings about the decision Kevin and "LMH" have made with this site: I spent almost all of last night sketching and brainstorming ideas, but I honestly can't think of anything more pathetically ego-massaging or FUD-drudging one could do with this information outside of writing, directing and starring in a horror movie about code exploits. Thankfully, I wager such a movie wouldn't do so well at the box office.
Let me be clear: if these guys have actually found enough problems with software (be it Apple's or otherwise) to fill a whole month of releases, I honestly and sincerely thank them - they can help whoever makes that software to make it better. What is so horrendously wrong with this 'project' is that they're stirring up hype and making news headlines with these exploits, instead of sticking with the traditional and ethical practices of reporting and discussing these bugs with the relevant parties.
Who knows, maybe they already filled out the form (though after reading FAQ #4, I doubt it), but publishing this information and landing themselves all over digg and Yahoo! News isn't going to accomplish anything productive. They complain about slow processes and being annoyed at auto-responders to bug reports but they fail to offer any legitimate reason or positive justification for publishing code like this. Patience and civility are virtues, and while I can completely understand being annoyed at faceless bureaucratic processes that fail to tingle the 'hooray I did something good!' bone, publishing this code in this manner has absolutely no positive merit for anyone, and causes nothing but undue harm to the Mac community they so smugly feign an interest in.
But I would hate to end on such a bad note. Instead, I'll promise to stomp my feet about this 'project' as little as possible, as we at TUAW would rather focus on the positive. Over the month, we'll offer context and solutions for the bugs Mr. Finisterre and "LMH" publish, in an effort to help the Mac web create something positive out of this questionable month-long bug report. Stay tuned.