tbf, every developer I've shown the code that inadvertently created this security issue has kind of dismissed it with a groan and shake of the head. It's just a really dumb case-checking block where there's a fallthrough case where there shouldn't be due to a lack of brackets/bad indentation/copy-paste issues.
― have a nice blood (mh), Tuesday, 25 February 2014 21:02 (ten years ago) link
thanks mh, I will continue to remain obsolete & happy
― sleeve, Tuesday, 25 February 2014 21:42 (ten years ago) link
I'm just here to tell you to keep on keepin' on
― have a nice blood (mh), Tuesday, 25 February 2014 21:43 (ten years ago) link
It's so serious that nobody has been affected by it for 1.5yrs. This is being blown way out of proportion by Apple haters. Install the fix but don't overhype the severity of it.
― brotherlovesdub, Tuesday, 25 February 2014 21:45 (ten years ago) link
well, we have no idea if anyone's been affected by it, is the issue. and recently people did create a few automated attacks based on that vector, so it's completely possible some people have been stealthily taking advantage of it.
― have a nice blood (mh), Tuesday, 25 February 2014 22:24 (ten years ago) link
xp utter, utter rot.
― caek, Tuesday, 25 February 2014 23:30 (ten years ago) link
i know nothing about this stuff, but wouldn't downloading the update via that non-ssl link to the apple support website in chrome or whatever instead of hitting software update ultimately leave you just as open to man-in-the-middle attacks, just ones that didn't exploit this particular flaw?
― sktsh, Wednesday, 26 February 2014 00:04 (ten years ago) link
No, there's a second layer of defence in that Apple updates are cryptographically signed, so anyone wanting to install malware that way would have to have apple's certificate. It's not impossible, but it's still another thing a bad guy would have to crack
― stet, Wednesday, 26 February 2014 00:39 (ten years ago) link
thx!
― sktsh, Wednesday, 26 February 2014 00:50 (ten years ago) link
I just went through Software Update -> App Store, hope I'll be fine....
Have a whole bunch of bitcoins that need to be protected...
― 龜, Wednesday, 26 February 2014 01:16 (ten years ago) link
and this is why I tell people to always use braces around blocks of code, even if the block is a single line...
― koogs, Wednesday, 26 February 2014 01:19 (ten years ago) link
lol koogs, we had a nice tool installed that warned about that and a lot of other rules, but there was so much existing code, and some petty rules we couldn't be bothered to turn off, and... back to the old ways
― have a nice blood (mh), Wednesday, 26 February 2014 02:44 (ten years ago) link
this is why all the critical gubment fighter jet software is programmed in Ada
― have a nice blood (mh), Wednesday, 26 February 2014 02:46 (ten years ago) link
no need for ada, just code reviews and decent unit tests.
or maybe the NSA wanted it there...
(if you've not seen it: https://www.imperialviolet.org/2014/02/22/applebug.html
basically comes down to this:
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail;// more code
that if makes the first goto fail conditional, but *only* the first one - the second one is unconditional so the code following it never executes.
it's a c'n'p error, sure, but the duplication should jump out at you as odd even with the most cursory glance.)
― koogs, Wednesday, 26 February 2014 13:56 (ten years ago) link
ada has mandated begin/end blocks that are named, iirc, so it's even harder to screw this up than style guides that mandate curly braces
― have a nice blood (mh), Wednesday, 26 February 2014 15:49 (ten years ago) link
My macbook pro has been messed up with malware since shortly after i installed whatever this latest update is called. I've never seen such a mess on a mac.
― get up in this twerk cypher (sunny successor), Tuesday, 18 March 2014 15:50 (ten years ago) link
Weird!http://tech.fortune.cnn.com/2014/04/01/apple-buys-ifixit/?iid=obnetwork
― Nhex, Thursday, 3 April 2014 14:15 (ten years ago) link
Oh duh, April Fools. Move along.
hahaha
― markers, Thursday, 3 April 2014 14:38 (ten years ago) link
The only April Fools gag I fell for was the Aperture X announcement. Sigh.
― Elvis Telecom, Thursday, 3 April 2014 22:02 (ten years ago) link
this is coming about a year too late but https://ssl.apple.com/support/iphone5-sleepwakebutton/
i'm still left with a defective volume down butt tho. worst phone i've ever owned
― diamonddave85 (diamonddave85), Monday, 28 April 2014 19:24 (ten years ago) link
i'm going to pretend that typo was intentional
― diamonddave85 (diamonddave85), Monday, 28 April 2014 19:25 (ten years ago) link
Got mine replaced like a year ago because of the button issue, no questions asked. Since then it's been fine...
― schwantz, Monday, 28 April 2014 19:29 (ten years ago) link
i thought i'd bought applecare like i normally do but i apparently i didn't /: the problems didn't start appearing until i was out of warranty
― diamonddave85 (diamonddave85), Monday, 28 April 2014 19:33 (ten years ago) link
I didn't have AppleCare (but it was still in warranty). If I were you I'd try and get a replacement, even out of warranty. Seems like the "geniuses" have a fair amount of leeway there.
― schwantz, Monday, 28 April 2014 19:50 (ten years ago) link
Went and bought a 27-inch Asus that could match my old iMac's 2560x1440 resolution but apparently it still can't be run over regular HDMI so I have to pay $100 for a stupid Thunderbolt-to-Dual DVI adapter.
― Kiarostami bag (milo z), Monday, 28 April 2014 21:18 (ten years ago) link
http://gizmodo.com/how-steve-wozniak-wrote-basic-for-the-original-apple-fr-1570573636
― ▴▲ ▴TH3CR()$BY$H()W▴▲ ▴ (Adam Bruneau), Tuesday, 6 May 2014 04:53 (ten years ago) link
Ugh, my 2007 iMac died this morning. Well, just the hard drive. Which I could just get replaced, but I'm using this as a opportunity to upgrade to the latest greatest iMac. I did good to get 7 years out of this old one.
― Jeff, Tuesday, 13 May 2014 15:37 (nine years ago) link
yikes! did you..... back up?
― TracerHandVEVO (Tracer Hand), Tuesday, 13 May 2014 15:45 (nine years ago) link
go 27' son
― Nhex, Tuesday, 13 May 2014 15:46 (nine years ago) link
Oh, of course! Local time machine backup and online backup with Crashplan. Plus documents and photos additionally backed up on Dropbox and SmugMug. Multiple methods of backup is the only way I fly.
xpost, oh yeah, I wouldn't get anything less than 27".
― Jeff, Tuesday, 13 May 2014 15:48 (nine years ago) link
the night before last my 2 year old iphone 4s wouldn't charge or sync. after trying various troubleshooting things recommended online i booked a genius bar appointment in glasgow. the guy looked at the phone and said there seemed to be corrosion to the charging port. he took it away for a rather long time, by genius bar standards - around 15 minutes. on returning he said he'd done extensive tests and had determined that the phone was irrevocably damaged - not only to the charging port but to the motherboard - he offered me "as a goodwill gesture" (!) a replacement reconditioned 4s for £159 (in addition to keeping my existing broken phone) and then told me that the 4s was on its way out and advised me to upgrade to the 5c, rather than going for a new 4s, telling me about various payment plans that would make if affordable within a contract that they (the store) could arrange for me. there was no point trying to repair the phone since, he claimed, he had tried various different ways to charge the phone and it was not possible.
i panicked and said i'd have to think about it - by which, i meant, i didn't have £159 nor did i want to be tied into a 24 month contract for a 5c (of all things).
some friends had recommended a 3rd party repair joint in glasgow and told me that they would also buy my old (but not that old) phone off me for parts, if the worst came to the worst, so within half an hour of leaving the genius bar i was at this place asking what he thought the best course of acton was.
two minutes later the independent repair guy had a look at the phone, dismantled the relevant parts, run tests and told me that the problem was only due to spots of moisture in the dock and had no clue as to why this would affect the motherboard, which was fine, as far as he could see. if he replaced the part and it didn't work he would simply take it back out and there would be no charge. he did all of this right in front of me - offering me a repair for £29 (£19 for the part plus £10 for his time).
of course it worked, my iphone charges up fine ("well, of course it does", said the repair guy)- the problem was not with the motherboard it was only with the charging dock.
"why did the apple store guy tell me i'd need a new phone?" i asked.
he lied to you to get you to buy a 5c, said the repair guy.
I told him I'd go back to the store to complain but he said they would simply tell me i had had a shonky repair which wouldn't last but, the thing is, that - shonky or not (and i doubt it is) - the genius bar had told me the phone was irreparable - not that a repair wouldn't last or would be pointless but that the phone COULD NOT BE REPAIRED.
is there any point going back to the apple store and telling them this? is it worth the increase in blood pressure? is it better to complain on line? or just forget about it? tbh i'm furious but i dare say the store know these things happen - and actually ensure they happen - and have a very calm rational and legally circumscribed response to people who catch them out at this.
what would you do?
― i lost my shoes on acid (jed_), Tuesday, 10 June 2014 02:10 (nine years ago) link
I had a very similar thing happen to my out-of-AppleCare warranty iPhone 4 about a year ago. Took it to my local indie repair shop and $20 later it was as good as new.
This sort of thing is standard operating procedure for any piece of tech that's out-of-warranty. Once the company is off the hook, they're only in the business to sell you a new one.
― Elvis Telecom, Tuesday, 10 June 2014 02:19 (nine years ago) link
(this is not a defense of apple, I am not particularly a fan of the company that brought us iTunes, Final Cut X, etc., fuck all corporations, etc)
Apple UK must have a different mandate when it comes to that stuff, because I've brought in so much stuff, a lot of it out of warranty, and if you ask them for even a teensy bit of leeway, they just give you the repair/replacement for free. It's always felt like they had a bunch of "be a nice guy" Customer Service Experience Satisfaction tickets that they had to use every week or something.
― ENERGY FOOD (en i see kay), Tuesday, 10 June 2014 02:31 (nine years ago) link
i was so "nice guy", seriously. i didn't have any attitude because in my head it was a £30 repair.
― i lost my shoes on acid (jed_), Tuesday, 10 June 2014 02:34 (nine years ago) link
could be he was just incompetent and mistook it for something that is hard to repair. my charger port died on my much-loved ipod touch some years ago and i called around to lots of shops, all of which insisted that it was typically too hard to fix.
― wat is teh waht (s.clover), Tuesday, 10 June 2014 02:38 (nine years ago) link
unlikely! but i admire your generosity.
― i lost my shoes on acid (jed_), Tuesday, 10 June 2014 02:43 (nine years ago) link
i mean it was a total 5c hard sell.
― i lost my shoes on acid (jed_), Tuesday, 10 June 2014 02:44 (nine years ago) link
I had a similar experience with a 4S faulty dock connector at a Genius Bar, but the guy was much more honest. He said Apple don't replace dock connectors because it's too fiddly a procdure but he was honest enough to say that third-party repair places would, but that he wouldn't advise it as it might go wrong. I took my chances and it was fine. He did vaguely mention the idea of getting a new phone, but in a half-hearted way very far from a hard sell.
― Alba, Thursday, 12 June 2014 11:11 (nine years ago) link
Oh, and he said that he'd liked to have swapped the whole unit out for free as a goodwill gesture, but that my screen had been replaced by a third-party, so company policy meant that he couldn't. I had no idea that I had replaced screen (I bought the 4S second-hand) – I think people sometimes get stung by this when insurers give you reconditioned phones as replacements.
― Alba, Thursday, 12 June 2014 11:15 (nine years ago) link
The reason they're usually so "nice" in the UK is they have to be: EU law pretty much gives you a six-year warranty on anything you buy (5 in Scotland). They honour this, but don't advertise it for obvious reasons. If they give you any shit about it, this link usually shuts them up http://www.apple.com/uk/legal/statutory-warranty/
(Won't work on modified devices, unfortunately)
― stet, Thursday, 12 June 2014 19:52 (nine years ago) link
(And there is a bit of a fight over latent issues: they used to claim that broken home buttons were normal wear and tear, but they now are more likely just to do a swap for one of those)
― stet, Thursday, 12 June 2014 19:53 (nine years ago) link
Good god, that "Chicken Fat" song is a real catchy earworm; I pity the kids that had to listen that every day!
― Nhex, Saturday, 21 June 2014 19:52 (nine years ago) link
wtf - the developer of an app sends out an update to my app that my phone should not have gotten and they tell me to get a refund from apple - apple says FU - I hate apple!
― Brian Eno's Mother (Latham Green), Thursday, 21 August 2014 20:12 (nine years ago) link
https://musescore.com/groups/musescore-ios/discuss/283596#comment-313411
― Brian Eno's Mother (Latham Green), Friday, 22 August 2014 14:17 (nine years ago) link
current best itunes alternatives for windows?
― Brian Eno's Mother (Latham Green), Friday, 22 August 2014 14:26 (nine years ago) link
sticking your head in a bucket of lye, probably
― heck (silby), Friday, 22 August 2014 16:24 (nine years ago) link
lol
― mattresslessness, Friday, 22 August 2014 18:33 (nine years ago) link
Mediamonkey is pretty robust. Seems to best used if you don't even have iTunes installed, though.
― before you die you see the rink (Jon Lewis), Friday, 22 August 2014 23:50 (nine years ago) link
i was a fan of that back in my ye olde Windows days
― Nhex, Saturday, 23 August 2014 01:07 (nine years ago) link