Apple To Review Software Practices After Patching Serious Mac Bug (reuters.com)
Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
Was it an H1-B developer or something that was sent to India?
I canâ(TM)t reâ(TM)d this crâ(TM)p.
You mean put in a sack and beat with a stick?
Not a Mac fan, but this is the most honest, respectable response to a mistake I've seen from a corporation in a long time.
Props, Apple.
A government is a body of people notably ungoverned - AC
I translated it as this was a known issue to the underlings, however it never was allowed to be addressed by the middle managers or this problem was a very to spot problem (probably some debug code that didn't get removed) that was allowed to get released.
However compared to other companies, at least Apple is publicly admitting the problem. While some companies may patch the problem, but not state any details about it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Apple should start giving a shit about something besides hardware for but a moment.
They do, in the form of animated turd emojis.
You're releasing it wrong.
Well other than this one, how many other viruses or gross hacks were there in the past 15 years?
I can remember only 3 or 4 major ones during this time. The rest were on par with the normal security fixes that everyone puts out, mostly getting access to stuff as a user already logged into the system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
That's what I call courage
I think this is a much broader problem. This isn't just about Apple. This is about almost all software today that has been developed by Millennial (some people use the term "Hipster") developers.
Millennials have been in the industry for about 10 years now, and these past 10 years have been some of the worst in terms of software quality.
Just look at the destruction they've left behind them. Windows 8, 8.1 and 10. GNOME 3. Firefox 4 and later. Systemd. Wayland. Slashdot Beta. NoSQL. The list goes on and on.
The Gedit text editor is an excellent example of how formerly-usable software has been destroyed. This is what Gedit used to look like. At that point it had a sane, easy-to-use, functional UI. This is what Gedit has become. It's like 50+ years of accumulated experience and knowledge has been discarded for no good reason, and the end result is a disaster.
What we have is a generation of software devs who are far too focused on aesthetics and trendiness, with little to no care put toward usability, security, and reliability. They go out of their way to ignore everything we've learned about doing things right. They do things their own way, and it's a disaster.
This isn't even a get-off-my-lawn situation. Many of us who are appalled by these developments are late Gen X'ers. We aren't even that much older than the Millennials who have caused so many problems! In fact, many of us spend our days trying to bring some sanity to otherwise disastrous workplaces. We remember how software used to be developed, yet we're so outnumbered by Millennials that we just can't keep up.
It was excusable when security flaws and usability problems were accidentally introduced by earlier generations because they were doing pioneering work, and the concepts behind these security flaws and usability problems hadn't even been discovered yet. But the industry should be far beyond that now. The knowledge is there, it's just that Millennials choose to totally ignore it.
This was posted as recently as November 13, as a "solution" to an issue of not having an administrative account: https://forums.developer.apple...
TL;DR
The last generation of programmers are too focused on the shiny.
#DeleteFacebook
We apologise again for the fault in the post above. Those responsible for sacking the people who have just been sacked have been sacked.
#DeleteFacebook
It depends on the situation. Since AFAIK it requires physical access to the computer, it wasn't really a problem for people with home computers. For people traveling with laptops, or workplaces with Macs, it was a huge security problem.
#DeleteFacebook
I'm sorry... Apple's hardware is the GOOD bit?
Fuck...
All bugs are also features. Depends on what you want them for.
Yes, yes, DOS and Windows 95 were the glorious days of security. The Blackberry was unhackable and IE 6 was teh gratest web browber ever!! Napster still lives on in my heart.
There's all kinds of cosmetic and usability bugs floating around, and Apple doesn't seem to be in a hurry to fix them. They're the kind of bugs that aren't showstoppers but are still very annoying or can result in bad data.
The Calculator bug in iOS is one example of a recent bug that can produce bad data and wasn't fixed. Until iOS 11.2 (which isn't out yet!) even though it was reported way back in 11.0 beta, before the OS was released to the public.
Another recent issue, though less important, is that the Weather widget will randomly stop updating, so you'll be seeing last night's weather instead of right now. This bug was also reported several versions ago and is as of yet unfixed in the latest 11.2 beta.
I know bugs happen; nobody is perfect. But these are obvious, reproducible bugs that are not being fixed after being reported months prior. What the hell, Apple?
That's a really bad summary. Yes, part of the problem is that Hipsters care too much about looks. But you ignored the other serious problems that the GP mentioned:
1) Hipsters go out of their way to be ignorant. They don't want to learn about security, so we get atrocious security flaws in the software they write. They don't want to learn SQL, so we get atrocious NoSQL databases to deal with. They don't want to learn about how their users use software, so we get awful UIs. They don't want to learn C++, so we get a terrible language like Rust.
2) There are too many Hipsters. No matter how much effort responsible programmers put in trying to fix the many problems created by Hipsters, these responsible programmers will always fall behind just because the Hipsters crank out so much crap at such a fast pace. It's like riots and looting, where a relatively small number of police officers and store owners are absolutely overwhelmed by a much larger crowd of thugs.
I'd like to add another problem:
3) Too few people are willing to identify the real problem: Hipsters. The blame is placed on companies or entire open source projects, for example, rather than the Hipsters who are responsible for the problems. It really doesn't help that the Hipsters have adopted Codes of Conduct into their projects that they then use against anyone who dares point out the problems they've caused. That's why Rust has turned into the mess that it is, for example. Criticism and pointing out of flaws is strictly forbidden within Hipster-dominated software projects.
I don't think they can do that. If anyone can download and compile the MacOS source code, and tweak it to run on different computers, Apple's hardware sales will go down the drain.
Yes, it would get rid of a lot of bugs. But it would also get rid of Apple itself. I'm not saying that would be a bad thing, just that it would be monumentally stupid.
Because it's 2017 and the green site STILL can't handle Unicode?
The blank root password attack is only a local privesc in the default config too...
It works over screen sharing, but that's not enabled by default.
It doesn't seem to work on the local login screen, at least on the machine i've tried (plus by default the local login screen shows you a list of users and doesn't let you type a username).
To exploit on a default system you need to have local access to an unprivileged user account, and from there you can get root.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
It depends on the situation. Since AFAIK it requires physical access to the computer, it wasn't really a problem for people with home computers. For people traveling with laptops, or workplaces with Macs, it was a huge security problem.
It was exploitable over remote desktop, but not over SSH. So, depending on how you have your computer configured, it may have been remotely exploitable (assuming VPN or local network connection, or an insecure router/firewall configuration)
I could argue the other way around.
For a smaller company, having your code open source allows for more eyes on the software than what a small company can afford. While the biggest company can hire a lot of people to check and review the code.
If your program such as OS X is very popular and had a lot of features that competitors would love to see how they approached a problem, having it Open source could lead to a lot of excessive copying if not the code directly, duplicating the idea and specifications. Having an OS X compatibility layer in Linux or in Windows. Knowing which checks are needed to make a good Hackintosh system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Give 'em a break, they've only been developing software for 40 years
I don't know the meaning of the word 'don't' - J
Did you even read the GP comment? It covers that very clearly:
When you're doing cutting edge work, you'll make cutting edge mistakes.
DOS was the first OS that saw huge mainstream adoption. Of course this situation would bring up unanticipated problems.
Windows 95 was the first OS that saw huge mainstream adoption during the era of mainstream Internet usage. Of course this situation would bring up unanticipated problems.
BB devices were the first to see huge mainstream adoption at the earliest stages of the modern smartphone era. Of course this situation would bring up unanticipated problems.
IE 6 was the most advanced browser of its day, pushing the boundary far beyond what Navigator did. For example, IE 5 and IE 6 were the first browsers to give us AJAX, which is still used today. Of course this situation would bring up unanticipated problems.
The issue here is that Millennials/Hipsters aren't doing cutting edge work. They're doing very basic work most of the time, but they're making mistakes that we knew about, and how to avoid them, decades ago!
Apple's response is just PR-driven BS, and your comment does NOT deserve the "insightful" moderation the shills and sakura gave it. The only insight from your comment is that you have minimal contact with Apple.
Try and honestly criticize Apple in an Apple-controlled venue and you will find out what total lack of respect means in a profit-dominated context. For example, if you had tried to describe this rather horrendous security problem and gotten too negative, I predict you would have found your comment blocked. Based on my years of experiences involving a MacBook Pro (which I still use on a daily basis for certain tasks), I actually think Apple has automated the censorship using sentiment analysis of the draft comment. Or perhaps it's profile-driven by the secret dossiers they have on each of us?
I could write a more substantive response on the topic, but here on Slashdot such a comment would merely be shouted down by pro-Apple fanbois with mod points to burn. Not worth the time, though I will donate a few seconds for a rerun of the capsule version:
Capitalism and communism are dead. Our new religion is corporate cancerism. There is no gawd but profit, and Apple is gawd's chief prophet.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
I thought it required physical access, as well; then I read reports of people being able to access screen sharing and AFP shares using this method. I don't have a system running High Sierra to be able to verify those claims, but it seems plausible.
...
... I write as I check the shipping status of my new MabCook Pro.
This just isn't a bug you accidentally introduce into a properly designed auth system. That means either someone was acting maliciously, or the system was designed with extreme incompetence. Since we're talking about Apple, I don't think many fanbois will accept the incompetence explanation, so we'll go with malice to avoid triggering them. Since they allow Apple to maliciously empty their wallets, they seem to be okay with malice...
But, then, I'm a user, not a fanboi -- and I placed the order before this was made public.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
It's not really worth arguing about. Anything can get "viruses" or "get hacked", especially when a lot of those "viruses" are trojans and a lot of "hacks" are social engineering.
Macs are pretty solid. They have problems too. Why can't we just get over these petty arguments and stop feeding the trolls?
I think in terms of software Apple is a victim of its own success.
iOS is nearly the same as it was back in the original iPhone, sure we got a lot of new stuff in it, but it is based on what was popular. If Apple risked Thinking Differently, then their product may scare off customers.
If the iPhone wasn't as popular of a device I expect to see a lot more changes in the iPhone and iOS devices, as well in OS X.
Apple's biggest changes in its OS were from 1999 - 2005 where Apple was nearly dead, and Microsoft was the Big unstoppable name in town. Having to change from MacOS 9 to OS X (A complete OS Rewrite) and putting a lot of big changes until 2007 where XP was starting to show its age, and Vista was failing to impress.
However Apple used this time and put their resources to the iPhone, but this has been successful for a long time, so much of the software hasn't been rethought, because it works and it is popular.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Comment removed based on user account deletion
Your negative assessment is only accurate as far as it goes. If the Slashdot moderation were not so borken (sic), that could explain your lack of an "insightful" mod, though I'd prefer to think it was your omission of the positive side (in the fantasy context of good moderation). I think your missing keyword is "priority", as in security is not a high (or high enough) priority at Apple because something else is. That something else is profit, as summarized in my earlier reply.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Now dump the thin is king hardware devs! and get some real workstations. IMAC pro no ram door come on it's not that hard!
Mynd you, moose bites Kan be pretty nasti...
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The blank root password attack is only a local privesc in the default config too...
It works over screen sharing, but that's not enabled by default.
It doesn't seem to work on the local login screen, at least on the machine i've tried (plus by default the local login screen shows you a list of users and doesn't let you type a username).
To exploit on a default system you need to have local access to an unprivileged user account, and from there you can get root.
Mod Parent Informative...
It's embarrassing for ./ really. The Content-Type header says "charset=utf-8". And they could have easily fixed the form with a slight tweak to ./'s HTML. Example: <form action="//apple.slashdot.org/comments.pl" method="post" accept-charset="ISO-8859-1">
“Common sense is not so common.” — Voltaire
I'm curious what companies patch the problem and not state any details about it? I've always seen MS and Linux distros provide very concise details about exploits and the fixes for them.
I totally agree that waterfall planning for software doesn't make sense, but IMO neither does Features Features Features, 10 deploys a day, release now/patch later, and all the other things we've gotten as the pendulum shifted all the way to the other side. I'm on the Windows side of the fence and it's been an interesting couple of years watching them run through release release release and gradually slow it down a bit as they see quality dropping.
Operating system or application code, running on machines people own and potentially controlling sensitive processes/data, need to be developed a little slower and safer than the average phone app. Phone apps only have a couple of client devices and a known back-end...operating systems are still within the user's control to some extent. OS bugs are very public, potentially very dangerous, and can't be changed by some Red Bull-fueled developer pushing a quick hack change to production. Even if you automate patching, a patch still needs to be released and regression-tested.
I'm hoping every software company will take some of these lessons into account, because I like the faster pace of development and don't want projects to turn into bug-ridden messes because someone read one too many Agile books and isn't focusing on the actual work.
Instead of writing "MabCook Pro" you might as well just go with "MacTim Pro" or "MathCook Pro".
#DeleteFacebook
Apple's response is just PR-driven BS, and your comment does NOT deserve the "insightful" moderation the shills and sakura gave it. The only insight from your comment is that you have minimal contact with Apple.
Try and honestly criticize Apple in an Apple-controlled venue and you will find out what total lack of respect means in a profit-dominated context. For example, if you had tried to describe this rather horrendous security problem and gotten too negative, I predict you would have found your comment blocked. Based on my years of experiences involving a MacBook Pro (which I still use on a daily basis for certain tasks), I actually think Apple has automated the censorship using sentiment analysis of the draft comment. Or perhaps it's profile-driven by the secret dossiers they have on each of us?
I could write a more substantive response on the topic, but here on Slashdot such a comment would merely be shouted down by pro-Apple fanbois with mod points to burn. Not worth the time, though I will donate a few seconds for a rerun of the capsule version:
Capitalism and communism are dead. Our new religion is corporate cancerism. There is no gawd but profit, and Apple is gawd's chief prophet.
Why use so many words? You could have packaged all that into a single sentence:
Blasphemy!! Summon the Holy Inquisition !! BUUUUUUURN THE HERETIC!!!
I thought it required physical access, as well; then I read reports of people being able to access screen sharing and AFP shares using this method. I don't have a system running High Sierra to be able to verify those claims, but it seems plausible.
This just isn't a bug you accidentally introduce into a properly designed auth system. That means either someone was acting maliciously, or the system was designed with extreme incompetence. Since we're talking about Apple, I don't think many fanbois will accept the incompetence explanation, so we'll go with malice to avoid triggering them. Since they allow Apple to maliciously empty their wallets, they seem to be okay with malice... ... ... I write as I check the shipping status of my new MabCook Pro.
But, then, I'm a user, not a fanboi -- and I placed the order before this was made public.
What's the big deal?
Apple already published a simple workaround, which will completely fix the issue until a properly-tested update can be released. (Note: Yesterday's article had a link to an Apple Knowledge Base Article on how to fix the bug temporarily; but now that the Update has been released, MacRumors edited that out of their article, so here's what's left of the original workaround).
https://www.macrumors.com/how-...
And in fact, here is the REAL Update:
https://www.macrumors.com/2017...
Less than 24 hour turnaround? I'd say that's about as good as it gets!
It *used* to be. Now their hardware is nothing more than a gratuitously expensive appliance.
If I could easily run OSX on non-apple hardware, I'd do it in a heartbeat. (And when I say run, I mean perfectly, flawlessly, without something not working right)
I'm still using a 2010 MBP because every version they put out afterward is more and more annoying. Can't replace the battery. Can't replace storage. Can't replace ram. Now you don't even get a USB 3 or HDMI port. It's offensive.
They claim that it's "future proofing" the machine. That's nothing but a lie to mask their efforts to gouge the crap out of people on dongles.
While you're on the money about the fact there's a specific subculture that is regressive and counter-productive to software quality that is apparently belligerently persisting to fight against industry best practices, should we really be using the word "Hipster" as a label for them? Don't get me wrong, I've got no special love for "Hipsters", and all their tight-pants flannel-wearing beard-sporting shenanigans, I'm not sure they actually have anything to do with this. As far as I can tell it seems to be actually a flood of current, former, and aspiring Microsoft programmers causing this, with some inside help from RedHat (who we never really should have trusted anyway) and while some of them may incidentally be Hipsters, I don't think most Hipsters are actually even coders. You may be wrongfully lambasting the wrong subculture here.
So basically every Mac in every school where students use a generic login.
Also the Darwin kernel, i.e. BSD on Mach, is already open source. Even though BSD is BSD not GPL licensed and they'd be legally allowed to keep their very extensive changes secret, Apple still release their changes
https://opensource.apple.com/s...
They don't release all the kernel mode code though - e.g. they don't release the source code to "Dont Steal Mac OS X.kext"
http://www.osxbook.com/book/bo...
They also don't release the source code for the user mode stuff, but then they don't have to.
And it seems like they already get the benefit of any 'many eyes make all bugs shallow' effect from opening up the kernel.
'Many eyes make all bugs shallow' is bogus anyway. It's not like many people are going to sit, read the source to something and find a vulnerability. And even if they did there's nothing to stop them selling it to someone other than the vendor - e.g. Russian/Chinese mafia, NSA, GCHQ etc probably all pay better.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
True enterprise level bugs, only from Apple
Oh, really?
Wanna check out some Windows and Linux bug-lists?
You've disproven your own point. You get 20+ emails. And if you'll notice the stuff that's serious gets fixed pretty quickly. Conversely with some other companies you never hear about the bug until it's been exploited or patched. So you don't know about the 2000+ vulnerabilities that you're exposed to that have been hanging out for years because closed source company has decided they're too expensive to fix. But don't worry. The CIA knows about them. Of course so do the bad guys. Ignorance is bliss right?
I don't believe in karma, I just call it like I see it.
And provides a link to a KB article with all the details... Of course they don't give you all the gory details right in the windows update window.
IOS has a "feature" that the OS pops up a request for your Apple ID credentials at random times. Open Pandora and you'll get a popup. Open pretty much anything and the popup appears. There's no provenance to the pop up so you don't know what part of OS is asking for the credentials or why. Backup works without answering the request as you can be signed into iCloud and still get the pop up.
My response is to dismiss the pop up and continue with what I'm doing but it's a PITA. A naive user will enter their credentials in the hope the "feature" is mollified which it sometimes isn't.
The correct way for IOS to ask for the credential is for the popup to say "Open Settings/icloud ( or whatever) and enter your AppleID." Settings would second the request by posting a little icon indicating there's a response pending ala a text message. An animation within settings would guide the forgetful user if the path is more than one level deep in settings so they'd navigate to the proper IOS setting to satisfy the pop up. The point of all that is you know you're talking to Settings when you provide credentials.
The current scheme is ripe for an app to steal your Apple ID. Write an app that does something kind of useful, wait for the 10th, 20th, run and pop an identical pop up that looks just like the OS popup. The user can't tell if it's the app or IOS asking and enters their credentials. Voila, you have access to the user's Apple ID. A little more elided hacking will circumvent 2 factor if it's enabled.
Too much water has gone under the bridge that I guess an obvious attack is new again.
To exploit on a default system you need to have local access to an unprivileged user account, and from there you can get root.
It's not like that's a minor issue, though. People always go, "Well if you have physical access to the machine, anything goes..." But imagine this scenario: You hate somebody at work and they walk away from their Mac without putting it to sleep. You walk over, gain root access, AND set a password for the root account. So now, even if the machine is put to sleep or switched off, you still have access to it.
Breakfast served all day!
If the Slashdot moderation were not so borken (sic), that could explain your lack of an "insightful" mod
Moderation doesn't matter: karma is just a number on a server somewhere.
I think your missing keyword is "priority", as in security is not a high (or high enough) priority at Apple because something else is.
If Apple puts more priority on security, there are a lot of things they can do (for example, do managers include time in their sprints for the programmers to think about security?)
The reality is though, even if you have really nice processes, if the people writing the code don't care about security, then you'll end up with bugs like this. You can make process requirements that every line of code has a unit test, but then you will get people writing tests that check for nothing.
Of course you can make a process of "anyone who doesn't care about security will be fired," extreme but true.
"First they came for the slanderers and i said nothing."
Correct.
I manage several hundred of them, however.
So leaving a logged in session is dangerous, and this bug makes the existing dangerous behaviour a bit worse...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
This seems like they need to.. revamp their processes completely. Don't you think any new PRODUCTION software being released, during the increased hack threats ever being reported... during the busiest shopping of the year.. would have been verified across 3 different points at least??
Development -> Testing of changes across at least 3 environments
Quality Assurance -> Verifying only what's changed works as expected? Maybe let's spend a bit more time on that one.
Security Review -> Verifying security points through automated & manual review pertinent to the change? Something with accounts, passwords, users was changed. Additional security review of files, users... lsof and strace work on a basic level when you don't work at Apple.
Apple.. this is Kindergarten stuff.. it should be embarrassing with a follow-up assurance package for a year verifying security on offline, local levels..for all of your AppleCare customers. Experian, Red Code.. Every Apple across the world? Come on guys.. Kindergarten. -B2
Oh hahaha I assure you that was a typo. I would never purposely honor Tim Cook in that way.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I'm not sure millennials are to blame. Driving this breakneck pace of software development is corporations looking to make a quick buck with little thought or care given to security or quality. It's crank it out or we'll get someone who can. So they inspire this sort of crapfest.
I don't believe in karma, I just call it like I see it.
It's only as big of a deal as a similar bug in Windows would be. I don't think either of us think it's that huge of a deal since it's easy to mitigate and anyone following best practices wouldn't have been affected to begin with. That said, you and I both know that most Mac users don't follow best practices as far as security is concerned; they bought their Mac precisely so they didn't have to be a sysadmin, so this is actually a pretty big deal for a lot of users and will remain so until those users apply the patch -- which might be never for those who turned off automatic updates and don't want to be sysadmins. Admittedly, that's a small number, but we both know it's not 0.
That bit about checking shipping status, by the way, 100% truthful. Brand new space gray MBP due in tomorrow.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Something's fishy about the "auditing our development processes" response. Maybe somebody was deliberately trying to slip in a back door?
Even OS X has gone from great to "meh". I don't see many companies bothering to write Mac specific games. macOS is the only mainstream OS with no iSCSI capability. Apple is sitting on a ton of cash, they might as well throw a bit to make macOS a generation or two ahead of the pack. A few ideas that Apple can do:
1: Things like hierarchical storage volumes, where when accessing a file, macOS will fetch it, or prompt you to connect the media (external HDD, CD, etc.) so it can access it. That way, you can store documents locally, have them get moved to iCloud, and transparently backed up to Time Machine, as well as a third party cloud provider (Amazon S3, Wasabi, Backblaze, etc.) It handles where the files and their backups are and warns the user if backups are not accessible... the user just accesses them through a volume. Security/encryption can be done at a file/folder level, so files can be easily shared or secured.
2: Better enterprise-tier management, as in being able to be managed via GPOs. Companies would move to Macs en masse if they could be managed as easily as the Windows desktops.
3: Better remote access, perhaps bring Back to my Mac up to par with LogMeIn or TeamViewer, with two-factor authentication, as well as optional authentication to the machine.
4: The ability to virtualize macOS for VDI systems.
5: The XServe back, with a built in hypervisor and license. It would be nice if it were bundled with ESXi, to help with item #4.
Apple has so much cash, it is surprising why they haven't just tossed some man-hours into keeping well ahead of their competition with their products.
Please stop replying to every fucking Apple complaint. You look pretty pathetic.
I hate that Slashdot doesn't let you mod in the same thread you posted in. I'd totally give this a +1. I agree entirely.
The only saving grace is that they haven't fucked up Mac OS as badly as Microsoft has fucked up Windows.
Although apparently you *can* have multiple users log in remotely to a single computer, VDI style. The problem is that they use some variation of VNC so you're trapped in the resolution of the physical monitor. Apparently some company tried to put out an RDP server for OSX but Apple shut them down. RDP support on Mac would be phenomenal.
Do you really think there's that much demand for MacOS these days?
Apple has about 7.5% of the PC (desktop+laptop) market. That is about half of their peak around 1989 by market share, but way more units sold because the market today is so much bigger. Nearly all of these are laptops, since Apple has mostly abandoned the desktop.
people buy Macs mostly because they're Apple people, or perceive it as some kind of status thing.
I use a Macbook because MacOS is Unix that "just works".
It will work on the local login screen if you have more than one user setup on the system.
Absolutely! Every PC laptop has a direct PCI SSD that can read at 3GB/s and has 4 40Gb external connections that can also drive multiple 4K displays. /s
Rootpipe (an actual privilege escalation) - the issue with this one was Apple only patched it on the latest greatest OS at the time, but all the other OS's got patched 6 months after a lot of complaining by some seriously smart security experts.
Apple really doesn't take security all that seriously. Biggest example - show me on Apple's website what OS's are supported and which OS's are end of life?
We greatly regret this error and we apologize
Of course they do. What company would not copy/paste the security breach boilerplate in such a situation? It could even be automated: if +"security flow" +apple yields something in the news, send the press release.
Please stop replying to every fucking Apple complaint. You look pretty pathetic.
Please go fuck yourself.
commodity PC hardware
Except the trackpad. And the logic board is custom-designed, like all laptops are, so sure, it's made of PC parts, but that's because it's an Intel-based personal computer, so exactly how else you'd like them to make it is hard to understand.
And the keyboard, which is also custom-built, and so nice that many actual PC laptops copy its design. And the hinge, which actually feels solid, and that magnet-closed lid, which has also been very widely copied, and is perfectly engineered.
Often I hear the complaint that Apple parts aren't easily replaceable, which is true on the newer models, and yet here someone's arguing that Apple suck because they *do* use commodity standard parts.... so which is it?
The fact is that Apple laptops are simply better built, and better designed, and on average outlast competing PC laptops. And they do this because Apple do not bother to compete on price, since the only endgame with price competition is lower and lower quality. Instead they compete on physical hardware quality - cases, hinges, finish, keyboard, trackpad, etc - and also on OSX, which is the real reason that an Apple machine is superior to everything else on the market. OSX is just better. It performs better, its APIs are better, its development environment is better. Have you ever written any code for iOS, or for a Mac? You should give it a try. Coming from Windows and Android development, it's an absolute joy.
iOS is nearly the same as it was back in the original iPhone
It looks a bit similar. It is very, very far from 'nearly the same' in every other respect.
If you can't understand what I wrote and actually want to, please feel free to ask for clarification.
If you can't understand what I wrote and don't want to, that's certainly your prerogative.
If you have nothing to say, why don't you just say nothing?
Let me check again. Yes, rereading your so-called reply and making suitable allowances for your poor writing, I can confirm that there is nothing there that has any relevance to anything I wrote. FYI.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
It's not even just that - High Sierra is a mess. I have software crashing on me that never crashed before. For example Preview crashes when I try to open certain PDF files. Or it will crash if I try to rotate an image. I have a brand new Macbook Pro with the touch bar, and it honestly feels like a lemon! That's how bad it is. The display will glitch a lot (display driver bugs?), copying files from an external drive to the internal SSD will cause the machine to freeze and prevent you from doing any work (APFS bugs?), and this is just off the top of my head. It makes me feel like something is terribly wrong with Apple lately.
I just bought two Macbook Air laptops the last two weeks. They still come with MagSafe adapters, and no USB-C. iPhones are still using Lightning adapters instead of USB-C. I mean c'mon Apple! What the hell is going on? How can a multi-billion dollar company screw up this bad?
All those moments will be lost in time, like tears in rain... time... to... die...
Went back to check your original comment. Rather than receive the positive moderation you might deserve, I see that you have received undeserved and meaningless negative moderation. I am certainly not defending either the quality of the moderation or the way it is implemented. However, I think it could be improved. VAST room for improvement. You mentioned karma, which should be part of such improvements. There's a natural symmetry there that is lost in the current approach.
Not sure about the longer second part of your reply. I could interpret it as agreement with examples, or that you are going in a different direction. I think that I definitely agree with you about the trade-offs, so perhaps I can address it with a pie-in-the-sky solution implemented via tax policy.
Let's start with the premise that Apple is doing a good job of serving the customers and deserves the profits. My more controversial premise is that Apple's customers would still benefit from more freedom in the form of additional choices. Perhaps it would sound less controversial if I reworded it in terms of the lack of a perfect solution for every person? Apple's best offering might be perfect for some people, but never for everyone--even if that assumption would maximize their profits.
So imagine that dominance in their market increased their tax rate. At some point it would make good sense to consider reproduction of the good ideas. Not a penalty for success, but rather an incentive to create more copies of the good ideas and let them evolve into the future. Divide Apple (or MS or Google) into competing companies with equal shares of the resources. Actually starting with the same profits, but divided among the daughter companies. If they want to maintain a standard platform, they could keep doing that, but the platform standards would have to be shared in public.
You might want to buy your next machine from a division that decided to put a higher priority on security. Based on my experience to date, I would be looking for the company that remembered physical security with a Kensington lock anchor on their machines. We might even get a hotkey screen lock on both options because of the competition.
This just indicates that someone was very very sloppy. Sloppy like MS coders. ;)
The cesspool just got a check and balance.
But don't be fooled: one thing Apple remains firm on—Apple's customers don't deserve software freedom. Apple will continue to pursue its walled garden, ever restrictive practices built around DRM, proprietary software, app store censorship, and so on (see more about how Apple's malware adversely affects its users). The latest insecurity should not be taken as a sign that Apple's users deserve to fully own their computers. Apple will remain firmly in control over their users no matter how capable or willing they may be to want to run, inspect, modify the software, or share improvements to help make things better for their fellow Apple users. I'd like to be able to say to users: pay more for Apple because they sell you software freedom and that deserves extra money to help keep them in business treating you, the prospective computer owner, right. But I can't say that about Apple, so I recommend that you take your business elsewhere and do business with other distributors.
Digital Citizen
"To exploit on a default system you need to have local access to an unprivileged user account"
You just described every single Mac in use at a corporation, school, and government office. Not to mention a double-digit percentage of home users. I can't even begin to tell you the number of iPhone users that don't have an AppleID. The unwashed masses don't care about security and want the least difficult barrier to using a device which means not creating an AppleID on anything they own.
-==- Buy a Mac and leave me alone!
My god! You just hit the nail on the head. I have been really hating this new interface style that has been spreading like a bad rash but couldn't really put my finger on what it was specifically. As of recent (and by recent, I mean over the last 12 years), I found that overall software has become far less efficient to use. I'm thinking about the same time that Microsoft introduced "the ribbon" in their office suite software was the start of the real decline. Enter Windows 8, metro interface, no desktop, etc.
I was just writing it off as me getting old, and "You young whippersnappers...." and "Get off my lawn", resistance to change... But now I'm going back to thinking it is just p1$$-p00r design/implementation of technology. Something that really irked me in the late '80s and throughout the '90s - the only difference then was good established worked processes trumped trendy and aesthetics, while now it is the exact opposite.
Who would have thought that 'everyone gets a trophy' would have such a disaster on software development and user-interfaces.
Before you take it in, put 20v through the flash chips on the soldered-in SSD. You do have backups, right?
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I use a Macbook because MacOS is Unix that "just works".
As much as the various hardware limitations, software limitations (max of OpenGL 4.1 in 2017? Come on) and closed, proprietary technology over open standards (Metal over Vulkan, Airplay, Airdrop, Facetime, etc) is annoying I do like that the kernel can be updated without it breaking the display driver and having to go into a terminal to recompile the kernel module just to get the GUI working again. It's all those niche little annoyances that still persist all across Linux that add up to it being a poor user experience. Macs aren't perfect but on a day-to-day basis I often prefer to deal with their flaws than Linux's.
JAMF Pro is a nice utility... but, boy, it is not cheap. IMHO, this functionality should be part of the OS. The "server app" is also something that needs revisited. In the real world, other than MDM capabilities, something like LANrev/JAMF shouldn't be required.
PXE/NetBoot is also important. Maybe some way to have the machine grab code from a local server rather than Apple when there is no usable software on the drive, and one doesn't have a USB flash drive ready.
Not only is it not Windows, it's Unix. Mac OSX is a user-friendly Unix that runs Office. Try finding anything else like that in the market today.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You're blaming the wrong people. Millennials didn't give the go-ahead for Windows 8; that decision was made by considerably older people. Millennials implemented a lot of it, but they were working to somebody else's stupid ideas and inane specs. If they'd have tried to give it a decent UI, they'd have been fired.
Systemd? Lennart Poettering was born in 1980, and that's generally considered to be the previous generation.
They're focused on aesthetics and trendiness? Do you know one consistent thing about developers from a long time ago? They're pretty good on providing what they're asked to provide. If they're rewarded for great aesthetics but not for good security or human interfaces, what do you think you're going to get?
There really aren't that many problems attributable to the developers. Most of the problems are management. The developers were told to do A, even when sound software development principles are to do B. Guess what they do? They're told to crank out the code and not care about security. Guess what they do? The manager wants to put NoSQL supervision on his or her resume. Guess what the developers use? Management wants to cheap out on developers and pay the least possible amount. Guess what happens to the code quality?
It's amazing the amount of self-contradictory crap the Millennials get. Earlier generations raised them. Earlier generations manage them. If there's something you don't like about what they produce, Boomers and Xers, it's your generation's fault.
First, you're wrong. Windows 95 was very simple compared to modern versions of Windows. There's always cutting-edge work going on. Modern versions of Windows would scoff at the attacks available in the late 90s, and a 90s OS would be totally pwned today.
Second, the educators, who are usually not millennials, are failing, or the managers, who are usually not millennials, aren't paying for expertise or requiring their developers to learn or giving them enough time to do a good job, or the previous generation, which are not millennials, is crap at passing along knowledge and wisdom.
The Wikipedia page on Gedit lists Paolo Maggi as the top person involved. Maggi got his Ph.D. in 2002, and is hence not a millennial. If you dislike modern interfaces, blame Generation X.
There's a lot of crap out there by millennials. There's a lot of crap out there by Gen Xers. There's a lot of crap out there by Boomers.
You know? I'm going to blame this crap on Generation X, since it's usually Gen X that makes the bad decisions.
Not going to happen. The advantage of running OSX on Apple hardware is that that's what it's designed to run on. There's no reason why it should have what it needs to run on a Dell or a homebuilt.
That's a lot less true of the iPhone. Apple designs the CPU for that, and does a pretty good job.
So, I hate someone at work and they walk away from their patched Mac. I walk over and delete their user files or send an embarrassing email to their entire distribution list of something. Having physical access to the machine with an account logged in is never a minor issue.
With an Apple?
His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
Yes, assuming those Macs have been upgraded to High Sierra... Although in mitigation, High Sierra is quite new and schools don't generally upgrade systems right away so I imagine the actual number of systems affected by this to be pretty small.
The biggest risk with any vulnerability is against default setups, as users are more likely to be unaware. If someone has gone to the effort of changing the defaults then they will be more aware of how things are set up. This vulnerability is also not exploitable if you've already set a root password, which many managed setups are likely to have done anyway.
Besides, it's not the first and won't be the last local privesc vulnerability... There are many more in various systems, this one just happens to be easily exploited.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Didn't work for me..
By default I was shown a list of users and nowhere to type "root", upon changing that setting it still didn't work.
Also this assumes the system is already booted, or not using disk encryption... If the disk is encrypted you can't log in as root to the pre-boot auth screen and therefore can't boot the system. If disk encryption is not in use you can just boot from USB, mount the disk and insert your own password or backdoors anyway.