19 September, 2009

Snow Leopard: Outdated-software-R-us!

I apologize in advance for the lack of coherency in this post; it's late, and I'm tired.

So, I have a custom backup script (mostly because I know I can do it better for my workflow than some off the shelf solution). It uses tar’s listed-incremental function to do, as you can guess, incremental backups over a monthly cycle. It’s been working well since I made it on Tiger, except today, the first time I’ve tried to take a backup since upgrading to Snow Leopard. It straight off failed, claiming it doesn’t understand listed-incrementals.

I’m scratching my head as to why (it’s really not a complex script), before I realise it’s using an older version of tar than what shipped with Tiger and Leopard (or it’s using BSD tar as opposed to GNU tar… but I can’t verify what Tiger/Leopard had, all I know is it worked previously). Hmmm… ok. So I open MacPorts, install the latest version of gnutar, remove the crappy Snow Leopard tar and all keeps going happily… except I now have a wiggling suspicion in the back of my mind that there is another disturbance in the force…

I dig a little, and it’s not long before I discover that Apple also decided to ship bzip2 1.0.4, which has a security exploit that was fixed 1 year 6 months before 10.6 was released…

WTF Apple? Is anyone paying attention to software releases over there? It makes me wonder, what other outdated, exploitable software is installed on my laptop?
