
Welcome to IWETHEY!

There is something wrong at Apple
...with specific respect to testing.

The GotoFail bug from 2014 was pretty egregious - all sorts of non-controversial methods could and should have caught it (checking for repeated lines of code, which should be inspected; checking for unreachable code; actually fucking testing that an invalid certificate didn't fucking work, etc.) and the speed with which Apple has turned round the fix would indicate that this is similarly sloppy and easily fixed.

There was the APFS password hint bug. https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
There was the keychain bug. http://mashable.com/2017/09/26/apple-mac-os-high-sierra-password-exploit/?utm_cid=a-seealso

Not to mention a raft of less critical but still annoying bugs - the random restart/freeze bug would not generate good cheer, for example.

(I found an interesting analysis of the APFS password hint bug, and I'll update this post when I find it again. tl;dr: it's just as idiotic as the GotoFail bug - ETA link https://objective-see.com/blog/blog_0x23.html - it's another copy/paste error)

Apple is an organisation with no excuses - it has the resources and the talent to do this properly. This is a question of management priorities. Whatever Apple says about its commitment to security is irrelevant; the facts are there for all to see.
Edited by pwhysall Nov. 30, 2017, 04:00:09 AM EST

And they broke the fix
There are unconfirmed reports that the patch breaks certain configurations of SMB file sharing:

https://arstechnica.com/civis/viewtopic.php?p=34406677#p34406677

This security update breaks SMB file sharing if you don't have the "Less secure" password setting turned on. If you don't have that setting turned on and try to connect to a patched Mac, your password will not be accepted. Quality work, Apple.

It's been that way for a long time.
A friend bought a 1U MacOS Server machine for work. It was nice, but the fans were very loud. He said all kinds of simple yet important things related to account permissions, IIRC, would break whenever he updated the OS. It was as if they had done no testing at all before rolling it out.

As you say, they've got no excuse. But it shows that they continue to not really care about macOS.

Cheers,
Scott.