Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Apple doesn't test any of their products in the real world!

4 views
Skip to first unread message

Harry Newton

unread,
Nov 29, 2017, 8:51:05 AM11/29/17
to
Snowden about Apple Security today:
"Imagine a locked door, but if you just keep trying the handle, it says "oh
well" and lets you in without a key."

We have already provided ample proof that Apple let's the users test their
iOS mobile products for them in the real world (saying only that the real
world is "not supported" by Apple) ...

Now we find out that Apple doesn't even test their desktop products either!
All quotes below are verbatim.

"What to do about Apple+IBk-s shameful Mac security flaw"
Someone at Apple seriously dropped the ball and put an unforgivable
<https://www.computerworld.com/article/3239047/apple-mac/what-to-do-about-apple-s-shameful-mac-security-flaw.html>

Verbatim:
"Apple seriously dropped the ball and put an unforgivable security flaw
inside macOS High Sierra... Complacency and incompetence are the biggest
computer security threats, and Apple's latest Mac security flaw seems to
combine both of these..."

"The flaw means anyone with physical access to your Mac can get inside the
machine...The existence of the problem is shameful. Why does it exist and
who is responsible?"

"I'm flabbergasted this flaw even exists. I see it as an absolute nadir for
Apple security. The problem impacts millions of machines."

Snit

unread,
Nov 29, 2017, 9:52:45 AM11/29/17
to
The videos YOU linked to showing how poorly Android handles even part of the
stated task poorly:

<https://youtu.be/cywLOctCrCs>
<https://youtu.be/bYDvgoYSVSU>
<https://youtu.be/G0sKTWfHHnk>
<https://youtu.be/TfvtREsCQDY>

Those videos claim Android handles the task so poorly that to even get the
first line requires extra hardware. You even claimed the list "goes on
forever". Wow... YOU showed Android is far worse at this than I thought!

And now that you get that you are having a very emotional toddler tantrum.
Which I am feeding. :)

joe

unread,
Nov 29, 2017, 11:27:09 AM11/29/17
to
On 11/29/2017 07:51 AM, Harry Newton wrote:
> Snowden about Apple Security today:
> "Imagine a locked door, but if you just keep trying the handle, it says "oh
> well" and lets you in without a key."
>
> We have already provided ample proof that Apple let's the users test their
> iOS mobile products for them in the real world (saying only that the real
> world is "not supported" by Apple) ...
>
> Now we find out that Apple doesn't even test their desktop products either!

For someone who repeatedly claims they only post facts, this line, and
the title of the thread are not facts. They are statements based on your
personal bias. The presence of developer betas is sufficient to show
this is false. You have never shown a statement from Apple supporting
your false claims.


> All quotes below are verbatim.

and out of context.

>
> "What to do about Apple+IBk-s shameful Mac security flaw"
> Someone at Apple seriously dropped the ball and put an unforgivable
> <https://www.computerworld.com/article/3239047/apple-mac/what-to-do-about-apple-s-shameful-mac-security-flaw.html>
You left out "This is what you need to fix it."

>
> Verbatim:
> "Apple seriously dropped the ball and put an unforgivable security flaw
> inside macOS High Sierra... Complacency and incompetence are the biggest
> computer security threats, and Apple's latest Mac security flaw seems to
> combine both of these..."
>
> "The flaw means anyone with physical access to your Mac can get inside the
> machine...The existence of the problem is shameful. Why does it exist and
> who is responsible?"

The above quote is sentences from different parts of the article, in
different paragraphs. Your editing does not leave this as verbatim.
Using "..." to indicate your editing does not cover up your desire to
present your biased view.

>
> "I'm flabbergasted this flaw even exists. I see it as an absolute nadir for
> Apple security. The problem impacts millions of machines."
>

For someone interested in facts, you are omitting the fact that Apple
has already provided an easy way to close this security hole. That you
fail to include this fact shows your strong bias.

You also fail to mention that Apple is working on a fix. That will be in
a security update, and when that occurs you likely complain about it.
(Based on your previous comments about security updates.)



Jolly Roger

unread,
Nov 29, 2017, 11:56:56 AM11/29/17
to
On 2017-11-29, joe <no...@domain.invalid> wrote:
>
> For someone interested in facts, you are omitting the fact that Apple
> has already provided an easy way to close this security hole. That you
> fail to include this fact shows your strong bias.
>
> You also fail to mention that Apple is working on a fix. That will be in
> a security update, and when that occurs you likely complain about it.
> (Based on your previous comments about security updates.)

Already released:

<https://support.apple.com/en-us/HT208315>

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Harry Newton

unread,
Nov 29, 2017, 12:51:06 PM11/29/17
to
On Wed, 29 Nov 2017 10:27:08 -0600, joe wrote:

> For someone interested in facts, you are omitting the fact that Apple
> has already provided an easy way to close this security hole.

You know as well as I do that Apple *habitually* releases operating systems
with holes in them so big that you can drive a bus through them (must I
remind you of the iOS broadcom fiasco of just a few months ago?).

The fact remains that *clearly* Apple didn't test the release in even the
slightest way for even the very *simplest* of attacks.

Apple *never* tests their releases in the real world (saying only that the
real world is "not supported").

As Snowden aptly said: "Imagine a locked door, but if you just keep trying
the handle, it says 'oh well' and lets you in without a key."

Hint: Apple was too busy spending millions highly marketing the *feeling*
of safety to the Apple gullibles because actual safety isn't their concern.

Snit

unread,
Nov 29, 2017, 1:59:14 PM11/29/17
to
On 11/29/17, 10:51 AM, in article ovms27$1j12$1...@gioia.aioe.org, "Harry
You do realize almost ALL mobile malware is on Android, right? Do you *feel*
safe using it?

--
Personal attacks from those who troll show their own insecurity. They cannot
use reason to show the message to be wrong so they try to feel somehow
superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

<https://youtu.be/H4NW-Cqh308>

Your Name

unread,
Nov 29, 2017, 3:03:14 PM11/29/17
to
On 2017-11-29 16:27:08 +0000, joe said:
> On 11/29/2017 07:51 AM, Harry Newton wrote:
>>
>> "What to do about Apple+IBk-s shameful Mac security flaw"
>> Someone at Apple seriously dropped the ball and put an unforgivable
>> <https://www.computerworld.com/article/3239047/apple-mac/what-to-do-about-apple-s-shameful-mac-security-flaw.html>
>>
> You left out "This is what you need to fix it."

And the fact that Apple has already released the update to fix the issue.


Snit

unread,
Nov 29, 2017, 3:23:05 PM11/29/17
to
On 11/29/17, 1:03 PM, in article ovn3pv$2nn$1...@gioia.aioe.org, "Your Name"
Harry then twists it as BAD that Apple releases fixes.

harry newton

unread,
Nov 29, 2017, 8:37:45 PM11/29/17
to
He who is Your Name said on Thu, 30 Nov 2017 09:03:13 +1300:

>> You left out "This is what you need to fix it."
>
> And the fact that Apple has already released the update to fix the issue.

Of course they fixed it.
It's a bonehead security issue by all accounts.

Apple *never* even tested the release for security one bit.

This is the *simplest* of all tests - and you know that.

The sheer obvious nature of the exploit is utter proof that, time and
again, it's proof that Apple doesn't test their software in the real world.

Lewis

unread,
Nov 29, 2017, 8:46:16 PM11/29/17
to
In message <ovms27$1j12$1...@gioia.aioe.org> Harry Newton <harry...@iOSusersJustGiveUp.com> wrote:
> On Wed, 29 Nov 2017 10:27:08 -0600, joe wrote:

>> For someone interested in facts, you are omitting the fact that Apple
>> has already provided an easy way to close this security hole.

> You know as well as I do that Apple *habitually* releases operating systems
> with holes in them so big that you can drive a bus through them (must I
> remind you of the iOS broadcom fiasco of just a few months ago?).

You are a fucking liar and a scumbag troll shitbag. The Broadcom flaw
was not an APPLE bug, shit-for-brains.

> The fact remains that *clearly* Apple didn't test the release in even the
> slightest way for even the very *simplest* of attacks.

You are full of shit, liar.

> Apple *never* tests their releases in the real world (saying only that the
> real world is "not supported").

You are full of shit, liar.

> As Snowden aptly said: "Imagine a locked door, but if you just keep trying
> the handle, it says 'oh well' and lets you in without a key."

It was a bug. Bugs happen.

> Hint: Apple was too busy spending millions highly marketing the *feeling*
> of safety to the Apple gullibles because actual safety isn't their concern.

You are full of shit, liar.

--
Imagine all the people Sharing all the world

Harry Newton

unread,
Nov 29, 2017, 9:57:52 PM11/29/17
to
On Thu, 30 Nov 2017 01:46:16 -0000 (UTC), Lewis wrote:

> You are a fucking liar and a scumbag troll shitbag. The Broadcom flaw
> was not an APPLE bug, shit-for-brains.

Lewis,

I only speak fact.

I realize you're stupid, along with Jolly Roger and Snit, but you should
ask the others before you continue to make a fool of yourself.

Ask nospam, JF Mezei, Davoud, or Alan Browne since you missed what happened
by a mile because you're so utterly stupid that you can't comprehend the
simplest of basic facts.

It's *well known* (to all but you) that Apple *knew* about the broadcom bug
last year for heaven's sake, and earlier this year, Apple *still* touted a
"security release" that they *knew* they would be *destroying* and
literally begging millions of people NOT to use only 10 days after they
released their security release.

It's *well known* that Apple had in hand the fix but didn't feel like
holding up the so-called "security release" because Apple knows that the
users only care about the *feeling* of security - and not actual security.

The net was ablaze with questions *why* Apple *knowingly released* a
well-touted "security release" that they had the fix in hand for, and yet,
Apple *still* released it, knowing it had security holes so big you could
drive a bus through them.

That's Apple MARKETING at work.
This is all fact.

You - Lewis - are the only one dumb enough not to understand the fact.
(Well, Jolly Roger and Snit are also the dumbest people on the net).

But see if nospam refutes these facts.
See if Alan Browne refutes these facts.

See if JF Mezei refutes the fact that Apple had the bug fix and still
released the software *knowing* they would destroy it in just mere days!

Your Name

unread,
Nov 29, 2017, 10:37:13 PM11/29/17
to
On 2017-11-29 13:51:03 +0000, Harry Newton said:
>
> Apple doesn't test any of their products in the real world!

That's because employees kept leaving the prototypes in bars and
letting their daughters post pre-release You Tube videos using them.
;-)

harry newton

unread,
Nov 30, 2017, 9:37:06 AM11/30/17
to
He who is Your Name said on Thu, 30 Nov 2017 16:37:12 +1300:

> That's because employees kept leaving the prototypes in bars and
> letting their daughters post pre-release You Tube videos using them.

Let's see if Apple fires the bonehead manager who didn't test the root
password on millions of Macs.

Apple *only* cares about MARKETING.

They user only needs to *feel* safe.

The proof is that all of you only want to *feel* safe - none of you care to
actually *be* safe.

All your concerns are about feelings, never about facts.

Snit

unread,
Nov 30, 2017, 1:10:20 PM11/30/17
to
On 11/30/17, 7:37 AM, in article ovp52g$iu1$1...@gioia.aioe.org, "harry newton"
<ha...@is.invalid> wrote:

> He who is Your Name said on Thu, 30 Nov 2017 16:37:12 +1300:
>
>> That's because employees kept leaving the prototypes in bars and
>> letting their daughters post pre-release You Tube videos using them.
>
> Let's see if Apple fires the bonehead manager who didn't test the root
> password on millions of Macs.
>
> Apple *only* cares about MARKETING.

If that was the case then how would they come out with products which serve
people so well?

Your claim makes no sense.

Peter Kozlov

unread,
Dec 2, 2017, 7:43:11 PM12/2/17
to
How does this bug work? How do people gain access to your Mac?

--
Peter Kozlov

Your Name

unread,
Dec 2, 2017, 7:53:20 PM12/2/17
to
They can't, because if you're using High Sierra (10.13) you should have
the common sense to already have installed the update. If you're still
using an older version of Mac OS X, then the problem doesn't affect you
anyway.

As usual, it's a largely a tornado in a thimble ... encouraged by the
grab-a-headline media, the scaremongers, and the anti-Apple
know-nothings.

Peter Kozlov

unread,
Dec 2, 2017, 8:21:45 PM12/2/17
to
But how did it work before the update?

--
Peter Kozlov

Jolly Roger

unread,
Dec 2, 2017, 8:44:31 PM12/2/17
to
The attacker had to:

1. Have access to a logged in (unlocked) user account that already
exists on a Mac where the root account is both disabled and has no
password set.
2. Open System Preferences and click the lock icon to unlock it.
3. Enter "root" as the user name.
4. Click the "Password" field, but don't enter any text.
5. Click OK.
6. If the above steps fail, repeat the procedure until you get lucky.

It's not nearly as big of a deal as the trolls so desperately want it
to be.

Some people report they never succeed. Others say it worked the first
time. Others say they had to retry it a bunch of times before it worked.

nospam

unread,
Dec 2, 2017, 8:50:37 PM12/2/17
to
In article <f8h37t...@mid.individual.net>, Jolly Roger
<jolly...@pobox.com> wrote:

> >
> > But how did it work before the update?
>
> The attacker had to:
>
> 1. Have access to a logged in (unlocked) user account that already
> exists on a Mac where the root account is both disabled and has no
> password set.

it didn't need to be logged in.

> 2. Open System Preferences and click the lock icon to unlock it.
> 3. Enter "root" as the user name.
> 4. Click the "Password" field, but don't enter any text.
> 5. Click OK.
> 6. If the above steps fail, repeat the procedure until you get lucky.

it needs to be at least twice (usually just twice).

the first failed attempt enables the root account with a blank password
and the second authenticates.

> It's not nearly as big of a deal as the trolls so desperately want it
> to be.

true.

> Some people report they never succeed. Others say it worked the first
> time. Others say they had to retry it a bunch of times before it worked.

that could be due to pretty much anything.

Peter Kozlov

unread,
Dec 2, 2017, 9:49:19 PM12/2/17
to
I guess if you have an office full of them such a situation can happen.
At least it is fixed now.

--
Peter Kozlov

Lewis

unread,
Dec 2, 2017, 11:56:13 PM12/2/17
to
In message <021220172050414712%nos...@nospam.invalid> nospam <nos...@nospam.invalid> wrote:
> In article <f8h37t...@mid.individual.net>, Jolly Roger
> <jolly...@pobox.com> wrote:

>> >
>> > But how did it work before the update?
>>
>> The attacker had to:
>>
>> 1. Have access to a logged in (unlocked) user account that already
>> exists on a Mac where the root account is both disabled and has no
>> password set.

> it didn't need to be logged in.

Depends. If there is an "Other..." option on your login screen, but that
isn't generally the case, is it? (I mean, it is on my machines, but I
have hidden users).

>> 2. Open System Preferences and click the lock icon to unlock it.
>> 3. Enter "root" as the user name.
>> 4. Click the "Password" field, but don't enter any text.
>> 5. Click OK.
>> 6. If the above steps fail, repeat the procedure until you get lucky.

> it needs to be at least twice (usually just twice).

> the first failed attempt enables the root account with a blank password
> and the second authenticates.

>> It's not nearly as big of a deal as the trolls so desperately want it
>> to be.

> true.

It was if your machine was available to remote share.

>> Some people report they never succeed. Others say it worked the first
>> time. Others say they had to retry it a bunch of times before it worked.

> that could be due to pretty much anything.

I only tried it 5 or 6 times on my iMac and MBP and it didn't work.

--
"Give a man a fire and he's warm for a day, but set fire to him an he's
warm for the rest of his life."

harry newton

unread,
Dec 3, 2017, 11:02:04 AM12/3/17
to
He who is Peter Kozlov said on Sun, 3 Dec 2017 02:49:18 -0000 (UTC):

> At least it is fixed now.

Read: MACOS UPDATE ACCIDENTALLY UNDOES APPLE'S "ROOT" BUG PATCH
https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/

"Apple's patch is ... nearly as buggy as the code it was designed to fix"

Read: Apple's had a shockingly bad week of software problems
<https://www.theverge.com/2017/12/2/16727238/apple-macos-ios-software-problems-updates>

"It's [yet another] shoddy example of Apple ... not taking the time
to test it properly."

Remember, Apple never tests their products in the real world (saying only
that the real world is "not supported" (e.g., iOS 7.x destroying Linux
connectivity for one example).

And Apple doesn't even test their patches, because the Apple customer feels
*safer* getting multiple patches for the *same bug* as witnessed in the iOS
10.x fiasco where Apple released a highly marketed "security update" even
though they had the broadcom fix in hand *before* they released the highly
marketed "security update". Of course, 10 days later Apple begged every one
of their millions of customers to *destroy* the release because Apple knew
(well before they released it!) that it was so full of holes you could
drive a bus through it.

Apple *knows* its customer want to *feel* safe - so they give them *many*
insecure security updates ... and it works!

--
Apple: The perfectly marketed platform for people who just want to *feel*
safe (not actually be safe).

Jolly Roger

unread,
Dec 3, 2017, 12:55:21 PM12/3/17
to
On 2017-12-03, nospam <nos...@nospam.invalid> wrote:
> In article <f8h37t...@mid.individual.net>, Jolly Roger
><jolly...@pobox.com> wrote:
>
>>> But how did it work before the update?
>>
>> The attacker had to:
>>
>> 1. Have access to a logged in (unlocked) user account that already
>> exists on a Mac where the root account is both disabled and has no
>> password set.
>
> it didn't need to be logged in.

From what I've read they need to be able to log into an existing
account, open System Preferences, and unlock it.

nospam

unread,
Dec 3, 2017, 2:26:03 PM12/3/17
to
In article <f8is48...@mid.individual.net>, Jolly Roger
<jolly...@pobox.com> wrote:

> >>> But how did it work before the update?
> >>
> >> The attacker had to:
> >>
> >> 1. Have access to a logged in (unlocked) user account that already
> >> exists on a Mac where the root account is both disabled and has no
> >> password set.
> >
> > it didn't need to be logged in.
>
> From what I've read they need to be able to log into an existing
> account, open System Preferences, and unlock it.

keep reading. that was the initial claim, but later changed.

Snit

unread,
Dec 3, 2017, 6:44:42 PM12/3/17
to
On 12/3/17, 9:02 AM, in article p0175p$18jv$1...@gioia.aioe.org, "harry newton"
Software can have bugs. Quick fixes are not always enough to fully fix
things.

News at 11.

It is like Harry is completely new to the tech world.

Jolly Roger

unread,
Dec 4, 2017, 1:42:16 AM12/4/17
to
I see. That blows. Apple really poo'ed the screwch on that one.

harry newton

unread,
Dec 4, 2017, 9:18:26 AM12/4/17
to
He who is nospam said on Sat, 02 Dec 2017 20:50:41 -0500:

> it needs to be at least twice (usually just twice).
>
> the first failed attempt enables the root account with a blank password
> and the second authenticates.
>
>> It's not nearly as big of a deal as the trolls so desperately want it
>> to be.
>
> true.

You Apple apologists are the most amazingly different people around.

To you, it's NOT a big deal that anyone can be ROOT on the Mac?
Completely without a password?

Are you crazy?
You Apple apologists are *completely blind* to basic security 101?

You Apple apologists just want to *feel* safe - not actually be safe.

harry newton

unread,
Dec 4, 2017, 9:20:17 AM12/4/17
to
He who is Jolly Roger said on 4 Dec 2017 06:42:14 GMT:

> I see. That blows. Apple really poo'ed the screwch on that one.

And they blew the patch too!

Apple *never* tests their software in the real world.

They say on their web site the real word is "not supported".

That's a fact.

nospam

unread,
Dec 4, 2017, 9:21:30 AM12/4/17
to
In article <p03lfg$mku$1...@gioia.aioe.org>, harry newton
<ha...@is.invalid> wrote:

>
> > it needs to be at least twice (usually just twice).
> >
> > the first failed attempt enables the root account with a blank password
> > and the second authenticates.
> >
> >> It's not nearly as big of a deal as the trolls so desperately want it
> >> to be.
> >
> > true.
>
> You Apple apologists are the most amazingly different people around.
>
> To you, it's NOT a big deal that anyone can be ROOT on the Mac?
> Completely without a password?

it's not as big of a deal as some want it to be and it's been patched
so it's no longer an issue.

and let's not forget windows xp with its blank administrator password.

harry newton

unread,
Dec 4, 2017, 9:30:48 AM12/4/17
to
He who is nospam said on Mon, 04 Dec 2017 09:21:29 -0500:

> it's not as big of a deal as some want it to be and it's been patched
> so it's no longer an issue.

Only an Apple apologist would say that logging into ROOT sans any password
is "not a big deal".

It's a freaking *huge* deal - where the only ones saying it's not are you
Apple Apologists.

Everyone knows it's due to Apple's utter lack of software testing.
This is the *simplest* of all bugs - which they obviously don't test for.

They even screwed up the patch for heaven's sake.
You know all this to be fact.

> and let's not forget windows xp with its blank administrator password.

You Apple apologists try to deflect blame without ever taking
responsibility.

No platform is safe. You just want to *feel* safe.

That's all that Apple cares about.

Apple spends millions marketing the *feeling* of safety.
But it's a fact that Apple ships software as buggy as anything out there.

--
Apple products are marketed to those who just want to *feel* safe.

nospam

unread,
Dec 4, 2017, 9:52:48 AM12/4/17
to
In article <p03m6m$nnt$1...@gioia.aioe.org>, harry newton
<ha...@is.invalid> wrote:

>
> > it's not as big of a deal as some want it to be and it's been patched
> > so it's no longer an issue.
>
> Only an Apple apologist would say that logging into ROOT sans any password
> is "not a big deal".

it has nothing to do with apple.

most people don't spend their time around untrustworthy people who
would be trying to log in as root, no matter what system it is.

if you live with people who would even consider that, let alone try it,
then have much bigger problems.

for me, not a single person in my household would be trying to log into
root no matter what system it is, and that's pretty much the case for
most households.

remote access is off by default (and is usually blocked by many isps
anyway), so that vector is not viable either.

it is a potential risk for businesses, where there are many computers
that are easily accessible, but most employees are trustworthy and
aren't going to hack their coworker's systems and risk getting caught
and be out of a job.

it's definitely a major oops, but it's been fixed.

what matters is the response, which was a patch within 18 hours, most
of that time was overnight.

harry newton

unread,
Dec 4, 2017, 1:24:54 PM12/4/17
to
He who is nospam said on Mon, 04 Dec 2017 09:52:47 -0500:

>> Only an Apple apologist would say that logging into ROOT sans any password
>> is "not a big deal".
>
> it has nothing to do with apple.

It has *everything* to do with lack of software testing in the real world.

The word "shoddy" shows up a lot in news articles about Apple QA testing.
So does "appalling" and "nadir" when it comes to Apple software QA testing.

This bug PROVES beyond a shadow of a doubt that Apple doesn't test for even
the *simplest* of bugs in the real world. Because being root sans password
is just about as bad as it gets when it comes to computer operating systems
security.

> most people don't spend their time around untrustworthy people who
> would be trying to log in as root, no matter what system it is.

You Apple Apologists sure are funny people.
Try telling Linux_users being root sans password is not a security threat.
You'll apologize if each Mac contained a packet of Sarin for heaven's sake.

> if you live with people who would even consider that, let alone try it,
> then have much bigger problems.

How many MILLIONS of computers did this security vulnerability affect?

You're expecting us to believe that ALL of those millions of computers are
in a locked room behind closed and locked and guarded doors?

How dumb do you think people are to believe your nonsense.
You'll apologize if each Mac contained a packet of Sarin for heaven's sake.

> for me, not a single person in my household would be trying to log into
> root no matter what system it is, and that's pretty much the case for
> most households.

And you just vouched for the MILLIONS of places where Macs are used?
You really are an idiot sometimes - your Apple Apologies span the gamut.

You'll apologize if each Mac contained a packet of Sarin for heaven's sake.

> remote access is off by default (and is usually blocked by many isps
> anyway), so that vector is not viable either.

You'll apologize if each Mac contained a packet of Sarin for heaven's sake.

> it is a potential risk for businesses, where there are many computers
> that are easily accessible, but most employees are trustworthy and
> aren't going to hack their coworker's systems and risk getting caught
> and be out of a job.

You'll apologize if each Mac contained a packet of Sarin for heaven's sake.

> it's definitely a major oops, but it's been fixed.

You do realize they screwed up the patch, right?

> what matters is the response, which was a patch within 18 hours, most
> of that time was overnight.

Um.. See above. They screwed it up too.

Calum

unread,
Dec 5, 2017, 7:56:39 AM12/5/17
to
On 04/12/2017 18:24, harry newton wrote:

> This bug PROVES beyond a shadow of a doubt that Apple doesn't test for even
> the *simplest* of bugs in the real world.

I'm guessing you've never worked in software QA, as this is far from the
*simplest* bug to spot. Writing automated tests for GUIs with reasonable
coverage is difficult enough even if you only do positive testing (i.e.
testing things that are supposed to work); there are far more variables
involved than writing test cases for a library or a CLI. When you add in
negative testing as well, you have to pick and choose your test cases
carefully or it quickly becomes unmanageable.

They likely had a single negative test for "can you log in with an empty
password". And that would have passed, given that the first time you
tried, you couldn't.

In practise, this particular exploit would likely only have been caught
by fuzz testing. And by definition, fuzz testing is random, so it still
may not have caught it.

What you *should* be asking is why it wasn't caught in code review. They
must've changed something in the Unix authentication layer, which has
been tried and tested for decades, and you don't do that without a damn
good reason and a lot of engineering discussion and review.

Lewis

unread,
Dec 5, 2017, 8:51:02 AM12/5/17
to
That seems unlikely since it didn't appear in the Unix layer, only in the
GUI.

--
IT WOULD BE A MILLION TO ONE CHANCE, said Death. EXACTLY A MILLION TO
ONE CHANCE. 'Oh,' said the Bursar, intensely relieved. 'Oh dear. What a
shame.' --Eric

Jolly Roger

unread,
Dec 5, 2017, 11:38:25 AM12/5/17
to
Calum <com....@nospam.scottishwildcat> wrote:
> On 04/12/2017 18:24, harry newton wrote:
>
>> This bug PROVES beyond a shadow of a doubt that Apple doesn't test for even
>> the *simplest* of bugs in the real world.
>
> I'm guessing you've never worked in software QA, as this is far from the
> *simplest* bug to spot.

It's evident that most of the people (including the resident idiot
nym-switching idiot troll currently known as "harry newton") bitching and
moaning about Apple's software quality have little to no clue about how
software development actually works in the real world.

harry newton

unread,
Dec 5, 2017, 8:59:48 PM12/5/17
to
He who is Calum said on Tue, 5 Dec 2017 12:56:38 +0000:

> I'm guessing you've never worked in software QA, as this is far from the
> *simplest* bug to spot.

Heh heh .. if you only knew how much software testing experience I have
after spending *decades* in Silicon Valley startups.

Only an Apple Apologist could defend the simple ability of pressing the
return key twice to enter as root as not being a software testing issue.

Did you even *read* the news?
They all said this is ridiculous lack of testing.

The fact is that we've proven time and again that Apple doesn't bother to
test their software in the real world (saying only that the real world is
"not supported").

This is a fact that you can apologize for - but it doesn't change the fact.

harry newton

unread,
Dec 5, 2017, 9:01:33 PM12/5/17
to
He who is Jolly Roger said on 5 Dec 2017 16:38:23 GMT:

> It's evident that most of the people (including the resident idiot
> nym-switching idiot troll currently known as "harry newton") bitching and
> moaning about Apple's software quality have little to no clue about how
> software development actually works in the real world.

That's pretty funny coming from you, to me, in that I have been in software
QA for *decades* in the Silicon Valley and you are well known to be the
most commonly posted person in the iOS newsgroups associated with the word
"troll".

Just run a search to find you are the #1 hit for "ios & troll":
http://tinyurl.com/misc-phone-mobile-iphone

Try it.

I appreciate the humor though.

joe

unread,
Dec 6, 2017, 9:05:07 AM12/6/17
to
On 12/05/2017 07:59 PM, harry newton wrote:
> He who is Calum said on Tue, 5 Dec 2017 12:56:38 +0000:
>
>> I'm guessing you've never worked in software QA, as this is far from
>> the *simplest* bug to spot.
>
> Heh heh .. if you only knew how much software testing experience I have
> after spending *decades* in Silicon Valley startups.
>

Based on your comments, it is clear you have no understanding of
software testing.



> Only an Apple Apologist could defend the simple ability of pressing the
> return key twice to enter as root as not being a software testing issue.

It takes a lot more than "simply pressing the return key twice" to give
root access. You and others ignore that part.

>
> Did you even *read* the news?
> They all said this is ridiculous lack of testing.

How many of those people understand software testing? They are just
looking for clicks.

>
> The fact is that we've proven time and again that Apple doesn't bother to
> test their software in the real world (saying only that the real world is
> "not supported").

You can never back this statement up. It is not a fact.

> This is a fact that you can apologize for - but it doesn't change the fact.

I suppose in your mind you expect Apple to test Mac OS under Linux.
That would be silly.

Harry Newton

unread,
Dec 6, 2017, 8:42:35 PM12/6/17
to
On Wed, 6 Dec 2017 08:05:05 -0600, joe wrote:

> Based on your comments, it is clear you have no understanding of
> software testing.

heh heh ... tell me another good joke about my lack of QA software testing
in decades of experience in a variety of Silicon Valley startups.

BTW, read this:
Apple's had a shockingly bad week of software problems
<https://www.theverge.com/2017/12/2/16727238/apple-macos-ios-software-problems-updates>
"As software bugs go, this one was embarrassing and critical".

Yet... "Apple also didn't notice an epic security flaw in macOS and iOS for
18 months a few years ago."

Apple's reply? "Our customers deserve better."

Meanwhile, "As the auditing of development processes begins, other issues
have come to light on the macOS side".

But that's not all.
"That seemed to be an embarrassing end to the problems, but late last night
reports emerged that Apple's rushed software patch could be just as buggy
as the code it was supposed to fix".

"It's [yet another] shoddy example of Apple ... not taking the time to test
... properly."

Meanwhile ... "Mac users have had a confusing week, but ... iPhone users
didn't escape unscathed" either where "Apple has had a history of ... bugs
affecting iOS multiple times over the years."

That's what happens when you don't test your products in the real world.

All Apple says is that interfacing in the real world is "not supported".

Lewis

unread,
Dec 7, 2017, 3:16:17 PM12/7/17
to
In message <p08teg$1u9s$1...@gioia.aioe.org> joe <no...@domain.invalid> wrote:
> On 12/05/2017 07:59 PM, harry newton wrote:
>> He who is Calum said on Tue, 5 Dec 2017 12:56:38 +0000:
>>
>>> I'm guessing you've never worked in software QA, as this is far from
>>> the *simplest* bug to spot.
>>
>> Heh heh .. if you only knew how much software testing experience I have
>> after spending *decades* in Silicon Valley startups.

> Based on your comments, it is clear you have no understanding of
> software testing.

You know who you're talking to, right? He's a liar, pure and simple.
Always has been. I doubt he's ever worked for in any field even
tangentially related to computers.

--
They say whisky'll kill you, but I don't think it will I'm ridin' with
you to the top of the hill

harry newton

unread,
Dec 8, 2017, 9:52:09 AM12/8/17
to
He who is Lewis said on Thu, 7 Dec 2017 20:16:17 -0000 (UTC):

> You know who you're talking to, right? He's a liar, pure and simple.
> Always has been. I doubt he's ever worked for in any field even
> tangentially related to computers.

Heh heh heh ... thanks Lewis.

Since you're the "brains" of the iOS group ... I take that as a compliment.

harry newton

unread,
Dec 8, 2017, 9:56:48 AM12/8/17
to
He who is harry newton said on Fri, 8 Dec 2017 14:52:07 +0000 (UTC):

>> You know who you're talking to, right? He's a liar, pure and simple.
>> Always has been. I doubt he's ever worked for in any field even
>> tangentially related to computers.
>
> Heh heh heh ... thanks Lewis.
>
> Since you're the "brains" of the iOS group ... I take that as a compliment.

Ps.... it's "whom" ... idiot. :)
0 new messages