Slashdot Mirror


Mac App Store Apps 'Damaged' Following Security Certificate Bug (thestack.com)

An anonymous reader writes: A slew of complaints are emerging against Apple after users were forced to delete and re-install Mac App Store apps in the wake of a major security management error. The problem manifested with the apparent expiry of security certificates which validated the apps, but even after the certificates were updated yesterday to expire in 2035, the problems were not resolved; some users were unable to verify the new certificates, and others could not even connect to the internet. In some cases the programs had to be reinstalled from scratch, deleting the user's existing settings.


  1. It's not Apple's fault! by Anonymous Coward · · Score: 3, Funny

    You're using the store wrong..

  2. Valid for 20 Years by andreas.hummelbrunne · · Score: 2

    That can't be a good idea to make the certificate valid for 20 years.

  3. Welcome to the world of the future. by Anonymous Coward · · Score: 2, Interesting

    Applications are now compiled to self destruct after their security certificates "expire".

    No doubt, when the developers seek to recompile or rebuild their applications so they can distribute them again, they'll have to use a newer version of the SDK that only supports the most recent version of the host operating system, thereby forcing users to upgrade lest their programs begin to die out one by one. So much for "don't upgrade if you don't want to, nobody is forcing you to do that".

    Recently, I've had the pleasure of dealing with a couple of operating systems from the past. OS/2 Warp 4.52 Server, Mac OS X Server 1.2v3 (yes, 1.2, not 10.2, I'm talking about the version that was born out of the ashes of OpenSTEP and NeXTSTEP), Windows Server 2003 R2, Windows XP, and the newer Windows Embedded Standard 2009 POSReady (basically Windows XP SP4 with official support from Microsoft through to 2019).

    In every case, I couldn't believe how fast things landed up running, how utterly minimalistic the user interfaces were, and how much power I had over the computer. For the first time in a long time, I felt like I was interacting with a set of tools that were designed to get shit done and stay out of my way. Sure, some of them were a bit of a pain in the ass to set up and configure (OS/2 and Mac OS X Server in particular), but hey, they come from an era of computing where people were actually expected to know what the fuck they were doing.

    Of course, when I returned home later that day, I had a pile of unavoidable updates sitting on my Windows 10 box that absolutely had to be installed, cause it was my "free" upgrade from Windows 7 and what not. My iMac was bitching about some other updates as well, plus I had to deal with this very issue because I'd foolishly downloaded and installed a couple of apps from the Mac App Store. Later that same night, Adobe Flash Player got locked out of Safari again so I had to update that, and then I landed up spending another 20 minutes trying to disable SIP on a 10.11 install off an external disk drive because apparently OS X doesn't think you need to be able to write to places like /usr anymore (so much for a Unix-like system).

    I'm kinda getting tired of all this modern day technology that panders to the idiot masses who can't be trusted with something as simple as file folders. I want hardware, I want tools, that do what I tell them to do, when I tell them to do it. I don't need any of this hand holding nanny bullshit or this security nonsense that's "for my own good". Kinda makes me wish I still had my Thinkpad T61, Nokia 8801, HP hx4705 Pocket PC, and my iPod Classic. Pretty old stuff by today's standards, but it all worked, and barring hardware failures I could have kept that stuff running forever. Life is way too short to be worrying about what idiotic GUI overhaul next year's software is going to carry or what updates Microsoft or Apple are trying to shove down your throat today.

    1. Re:Welcome to the world of the future. by supercrisp · · Score: 4, Interesting

      I don't think it's just protecting against idiot users. It's also about shoving us into the "cloud" where we can be somehow monetized, either by network access, storage volume, or information collection. Why else would iPhoto drop local networking except to put your photos in Apple's servers? Or Android Marshmallow require you to allow MTP every time you hook up a USB cable except to make noncloud file exchange a little bit more of a PITA? Sure there's "curation" at the Apple Store, but there's also control, information gathering, the possibility of ad revenue and so on. I guess I sound cynical, but I'm not sure you can actually be cynical enough about all this.

  4. Web serfers by Anonymous Coward · · Score: 2, Informative

    The joys of not controlling what you supposedly own.

  5. Re: Apple "security" in action. by Anonymous Coward · · Score: 3, Funny

    I'll bet the 8 people using GNU/HURD are really grateful they don't have to contend with this drama.

  6. Annoying lack of communication from Apple by hackertourist · · Score: 3, Interesting

    I noticed something odd was going on when yesterday morning my OS wanted me to sign into the App Store to 'validate' a program I purchased recently.

    Now I have to read about the cause on a news website instead of hearing directly from Apple (you know, the people who already have my email address along with those of all their customers).

    1. Re:Annoying lack of communication from Apple by macs4all · · Score: 2

      "I noticed something odd was going on when yesterday morning my OS wanted me to sign into the App Store to 'validate' a program I purchased recently.

      Now I have to read about the cause on a news website instead of hearing directly from Apple (you know, the people who already have my email address along with those of all their customers)."

      More people would bitch about "being spammed" than would appreciate the notification, of that I am sure.

      And when was the last time Microsoft or your friendly Linux Distro sent you such a Notification?

  7. Re: Apple "security" in action. by arglebargle_xiv · · Score: 4, Funny

    Oh come on now, you're exaggerating things just a bit there.

    There can't be more than three people using HURD. Four, tops.

  8. Re: Apple "security" in action. by behrooz0az · · Score: 2

    Holy shit, I know half of the people using HURD.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)

  9. So much bullshit in this summary by BitZtream · · Score: 5, Informative

    Let's start with user settings. User settings are neither stored with the app nor digitally signed or encrypted. They are buried in a semi-hidden folder that resides in the user's home directory. Deleting an app doesn't delete your settings. It can't. Intentionally.

    You can't really 'update' a cert once it's been used, so if something expired all apps with that cert in their chain of trust would need to be re-signed to validate them. There is no way to magically make apps signed with the old cert work with a new one. That would be a massive hole in the entire PKI process.

    I'm not saying something didn't break, but the summary is 100% factually incorrect.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  10. Wasted a lot of my time by daq man · · Score: 3, Insightful

    So, the thing that got hit for me was 1Password. So I couldn't log into websites because 1Password wouldn't run. Fortunately I could use the synced copy on my phone and type in the passwords by hand but the whole reason for using a password manager is so that I can use passwords that are long sequences of random characters which are no fun to type by hand! I found that it was an App store problem from the Mac Rumors website. Running the App caused a box to pop up saying the App was corrupted, to delete it and re-install. So I followed the instructions and, guess what? I couldn't re-download from the App store!

    This whole idea of having software that quits working based on some random policy is useless. I want software that I buy and is there when I need it. Not checking if some certificate has expired or that I paid a subscription or some other BS.

    I've been using Macs since 1985, yes I use Windows and Linux too but Macs were always what I used at home because I could write a file five or ten years ago and still open it. That's fading away. Notice I wrote "what I used at home", I'm shopping around.

  11. Let's score this by Maury Markowitz · · Score: 4, Informative

    "some users were unable to verify the new certificates, and others could not even connect to the internet. In some cases the programs had to be reinstalled from scratch, deleting the user's existing settings."

    Ok, let's look at this...

    1) some users were unable to verify the new certificates

    Sure, I buy that.

    2) others could not even connect to the internet

    I call BS, App certs do not have any use whatsoever in the TCP stack. I'm sure people had problems, but it wasn't due to this.

    3) the programs had to be reinstalled from scratch, deleting the user's existing settings

    I call BS on that too. The app settings are in a text file in the user directories, you can go and open them in your favorite text editor right now. Re-installing an app does not overwrite these settings, which is *the whole reason* they're done this way. It is possible that app did that, but that's a bug in the app and has nothing to do with certs.

    Crappy reportage.

    1. Re:Let's score this by _xeno_ · · Score: 2

      "I call BS, App certs do not have any use whatsoever in the TCP stack. I'm sure people had problems, but it wasn't due to this."

      If the app in question is a VPN app, then it's entirely possible that they literally could not connect to the Internet with the app disabled.

      Alternatively what's meant is that they couldn't connect to the Internet at the time and were therefore locked out of their legitimately purchased apps until whatever time they could connect to the Internet. Not everyone has a 24/7 Internet connection. (Seems unlikely for someone who can afford the huge expense of an Apple product, but whatever.)

      "I call BS on that too. The app settings are in a text file in the user directories, you can go and open them in your favorite text editor right now. Re-installing an app does not overwrite these settings, which is *the whole reason* they're done this way. It is possible that app did that, but that's a bug in the app and has nothing to do with certs."

      I could have sworn part of removing an app via the App Store (or via Launchboard or whatever it's called) is that it deletes all the app's data as part of the process, just like it does under iOS.

      --
      You are in a maze of twisty little relative jumps, all alike.