maybe it’s best not to install any of apple’s latest software releases for the time being until they sort out all these errors? it seems like every other day there is news about a flaw in each of their os platforms — macOS, iOS, watchOS and tvOS.
Mmmm. Not really.
“Difficult to reproduce” sounds like it’s not something that’s going to cause a lot of problems, unlike the root thing.
Besides, if you don’t install the software then how’re you going to get the fixes?
Anyone who hadn't yet updated to 11.2 was unaffected anyway. Other point versions of iOS 11 are fine.
Point still stands. If you don’t install it the you don’t get fixes. There may be other critical fixes in a release that you’ll … ah, wait, of course; you’re used to a platform where fixes aren’t available to phones once you’ve bought them.
Fair enough, but it’s probably best to upgrade security fixes if they’re available to you. The date bug only affected phones that had certain apps on it (ones that used countdown-based time alerts), but what if it also contained a critical fix for a password bug?
maybe it’s best not to install any of apple’s latest software releases for the time being until they sort out all these errors? it seems like every other day there is news about a flaw in each of their os platforms — macOS, iOS, watchOS and tvOS.
Mmmm. Not really.
“Difficult to reproduce” sounds like it’s not something that’s going to cause a lot of problems, unlike the root thing.
Besides, if you don’t install the software then how’re you going to get the fixes?
Anyone who hadn't yet updated to 11.2 was unaffected anyway. Other point versions of iOS 11 are fine.
Point still stands. If you don’t install it the you don’t get fixes. There may be other critical fixes in a release that you’ll … ah, wait, of course; you’re used to a platform where fixes aren’t available to phones once you’ve bought them.
Fair enough, but it’s probably best to upgrade security fixes if they’re available to you. The date bug only affected phones that had certain apps on it (ones that used countdown-based time alerts), but what if it also contained a critical fix for a password bug?
Oh I don't disagree with you at all. In fact I think the understanding attitude you and some others are now taking with this unfortunate string of Apple software coding issues is refreshing, one you will no doubt extend to misc.software foibles on other OS systems. You're right, there is no perfect software. @lkrupp has been very consistent in pointing out that blazing fires don't typically follow flaming exploit headlines on other mobile platforms either. With that said there have been times when I purposely avoid a software update for even an essential software product. I've no doubt you have too. Sometimes stuff ain't broke and the update has questionable benefits. I tend to wait for user reports from others if it's a program I depend on. There's been too many times an update does some stuff they don't tell you about in the changelog.
But since you're introducing a comparison to Android in an Apple-specific thread (sadly too typical whenever potential negativity is reported about iOS) I think you'd agree that it's amazing at how well both iOS and Android have protected their systems and their users from the exploits and malware that many of had to deal with on our desktop OS's over the years. Who woulda thunk that users of major mobile OS systems wouldn't need antivirus programs after-all. Well done IMHO.
So with that now dealt with perhaps we can avoid straying off-topic. I agree with others here that see this as not in and of itself a big deal. Software happens. Instead the takeaway should be that despite our trust that a software system is 100% secure none of them. I would imagine that for a few folk this is the first wake-up call that HomeKit isn't 100% secure either. If it makes some of us take a pause and consider before tying another part of our homes to internet-connected hubs it's a good thing in my view.
Connected home tech is in its infancy so while I do trust lights and thermostats and TV's and speakers to one I personally draw the line at a key for the garage or front door. It's a balance scale with convenience on one side and personal/family/community security on the other. There's still proving and securing to do (probably always will be) and rushing out to buy every shiny new IoT device just because might not be wise quite yet.
I'm content with letting others install certain hardware and/or software and letting them get the bug fixes for awhile before jump in the pool.
And I'm a little leery of a smartlock connected to the Internet. I'm also tempted to put my Dots and Hue lights on a separate router and network. Besides assuaging mild paranoia, I might get better reliability out of my smart devices this way, given my throughput in my Mac network is so low.
And, yet, we're going to let this stuff drive thousands of pounds of vehicle around our streets?
Probably. But I guess the rationale is that when you count the number of humans driving drunk, stoned, tweaked, pissed off about their significant other, enraged, eating burritos, texting, yelling at their evil spawn, checking facebook, and gesticulating about other drivers on the road the incidence of human induced crashes will still be much greater than the number of crashes caused by software bugs in autonomous vehicles. At least you can fix software bugs, but you can't fix stupid.
This very old article alluded to the software quality issue (http://www.nytimes.com/1985/07/04/business/technology-software-fears-on-star-wars.html) as one of the impediments to implementing a large scale missile defense system. Similar concerns about software quality were made when the USS Seawolf SSN-21 combat system was being built because it was estimated to contain about 4 million lines of code. While software testing and defect removal efficiency has improved quite a bit since 1985 the size of software systems has grown much larger than anticipated. Fault injection rates by programmers have probably improved (lowered) as well and is helped by reuse of standard components. But the killer here is size and complexity. I've seen estimates of greater 50 million lines of code for Windows 10 and more than 85 million lines of code for macOS. So if either of these systems were used as front-ends for a missile defense system that itself was estimated to grow to beyond 100 million lines of code in 1985 I'd imagine the cumulative number of lines of code in a complex system would easily grow well into the hundreds of millions so even the best software development organizations would still end up injecting hundreds of thousands of defects and the system would ship with many tens of thousands of bugs (or more technically - anomalies) still in the code base. Sounds scary, but it's very typical with shipping software today. The reason I said anomalies is that anything in the code that does not "work as intended" is an anomaly and the vast majority of these do not cause instability, crashes, or security holes.
gatorguy said: So with that now dealt with perhaps we can avoid straying off-topic. I agree with others here that see this as not in and of itself a big deal. Software happens. Instead the takeaway should be that despite our trust that a software system is 100% secure none of them. I would imagine that for a few folk this is the first wake-up call that HomeKit isn't 100% secure either. If it makes some of us take a pause and consider before tying another part of our homes to internet-connected hubs it's a good thing in my view.
I think this is key. It's about facing reality and making wise choices about who we'll trust with what, and what our risk comfort is.
My argument is that something seems to have shifted at Apple that has made this kind of thing more common in recent years. Does that mean it's worse than everything else out there, or that the sky is falling? Of course not... but my Mac also isn't sitting in some office building with critical private info on it. For such a person, it could be much worse.
dewme said: Probably. But I guess the rationale is that when you count the number of humans driving drunk, stoned, tweaked, pissed off about their significant other, enraged, eating burritos, texting, yelling at their evil spawn, checking facebook, and gesticulating about other drivers on the road the incidence of human induced crashes will still be much greater than the number of crashes caused by software bugs in autonomous vehicles. At least you can fix software bugs, but you can't fix stupid.
Yes, that's the game they are playing. Fill the DB with enough example cases and hope to come out statistically on top. The problems are a few, though. First, you're still going to have all of the above on the roads WITH these AI cars that won't necessarily know how to react to them. Second, if we were able to clean these things from the roads, would the AI cars (in theory) still be superior?
Maybe we should focus a bit more on fixing the actual problem... and then employ AI and sensor technology to make it even better yet. It's like we're just throwing up our hands and picking the lesser of evils while watching the behavior of humanity sink unchallenged into the abyss.
As code gets more complex there will ALWAYS be bugs.
Is the code getting more complex?
Dumb question. Yes.
Possibly... should it be?
I think it's somewhat a false assumption the code is actually more complex. More broad maybe, a bigger system, and less checked across the whole. But, that would seem to be an addressable issue. I'm not sure that would be code complexity, though.
As code gets more complex there will ALWAYS be bugs.
Is the code getting more complex?
Dumb question. Yes.
Possibly... should it be?
I think it's somewhat a false assumption the code is actually more complex. More broad maybe, a bigger system, and less checked across the whole. But, that would seem to be an addressable issue. I'm not sure that would be code complexity, though.
Complexity is the key word here. It's absolutely more complex and will continue to get more complex. What is often up in there is whether it will get more difficult for developers. Apple creates thousands of APIs and hundreds of new frameworks each year so that very complex code that does amazing things with extraordinary HW can be added with very little effort by their developers and 3rd-party developers.
Imagine the iPhone compared to the original Apple I or II computer? The iPhone is clearly worlds above those machines in terms of complexity on every level, and yet these devices are less difficult for customers to use despite having a lot more of everything for them to do.
Not to engage in conspiracy theories, but who else thinks Apple might be crawling with moles in the software division creating weaknesses for some unsavory purposes?
Soli said: Complexity is the key word here. It's absolutely more complex and will continue to get more complex. What is often up in there is whether it will get more difficult for developers. Apple creates thousands of APIs and hundreds of new frameworks each year so that very complex code that does amazing things with extraordinary HW can be added with very little effort by their developers and 3rd-party developers.
Imagine the iPhone compared to the original Apple I or II computer? The iPhone is clearly worlds above those machines in terms of complexity on every level, and yet these devices are less difficult for customers to use despite having a lot more of everything for them to do.
Well, yes, different platforms have different complexity. But, does say, macOS (OS X) from 2017 have higher complexity than the same from 2011? Or, is iOS 11 more complex than iOS 7? They keep adding (sometimes removing) features, but that's more horizontal and has to do more with how well the teams and developers work together. But, is the code complexity actually higher? (Like, you'd have to be a more advanced developer to work on today's iOS than an iOS from several years ago?)
My point being that it might be the system or project management that is what is increasing more in complexity than the code that is the problem. And, that's fixable (not just an 'oh well, nothing we can do about it because it's more complex, so by nature, it will have more problems').
Not to engage in conspiracy theories, but who else thinks Apple might be crawling with moles in the software division creating weaknesses for some unsavory purposes?
We're essentially trusting Apple on that one, I guess. It's not necessarily conspiracy theory though, as we know it has happened with other software projects and is the intention of various agencies. The question is more if Apple *would* stop them and/or if Apple knows about them if they are there.
Soli said: Complexity is the key word here. It's absolutely more complex and will continue to get more complex. What is often up in there is whether it will get more difficult for developers. Apple creates thousands of APIs and hundreds of new frameworks each year so that very complex code that does amazing things with extraordinary HW can be added with very little effort by their developers and 3rd-party developers.
Imagine the iPhone compared to the original Apple I or II computer? The iPhone is clearly worlds above those machines in terms of complexity on every level, and yet these devices are less difficult for customers to use despite having a lot more of everything for them to do.
But, does say, macOS (OS X) from 2017 have higher complexity than the same from 2011? Or, is iOS 11 more complex than iOS 7?
YES! What part of that do you not understand? Advanced programmer doesn't imply more complex code or less complex code. There's often an inverse to entry for making more complex code that is easier for a nascent developer to use, just as babies can use an iPad to play their favorite game or video, but would be horrible as using DOS. I hope you're not suggesting that DOS has a more complex codebase than iOS.
Soli said: YES! What part of that do you not understand? Advanced programmer doesn't imply more complex code or less complex code. There's often an inverse to entry for making more complex code that is easier for a nascent developer to use, just as babies can use an iPad to play their favorite game or video, but would be horrible as using DOS. I hope you're not suggesting that DOS has a more complex codebase than iOS.
No, I mean more like... lets use Tesla as an analogy since we both like cars and Telsa.
So, when Tesla just made the Model S, their overall production was more simple than it is now that they have to juggle the S, X, 3, upcoming Roadser development, etc. But, because they added more models and made the whole more complex, that doesn't mean the S increased in complexity necessarily. So, the problem isn't that the S has suddenly become more complex, but the management of the overall production of multiple models has become more complex.
My point, if that's somewhat analogous to Apple, is that it's more of a project management and process problem than one of direct complexity. And, if so, there is something they can do to address it. It isn't like now that its state of complexity has gone up, only the top 10% of programmers can understand and work on it, vs previously only the top 50% could.
Comments
Fair enough, but it’s probably best to upgrade security fixes if they’re available to you. The date bug only affected phones that had certain apps on it (ones that used countdown-based time alerts), but what if it also contained a critical fix for a password bug?
But since you're introducing a comparison to Android in an Apple-specific thread (sadly too typical whenever potential negativity is reported about iOS) I think you'd agree that it's amazing at how well both iOS and Android have protected their systems and their users from the exploits and malware that many of had to deal with on our desktop OS's over the years. Who woulda thunk that users of major mobile OS systems wouldn't need antivirus programs after-all. Well done IMHO.
So with that now dealt with perhaps we can avoid straying off-topic. I agree with others here that see this as not in and of itself a big deal. Software happens. Instead the takeaway should be that despite our trust that a software system is 100% secure none of them. I would imagine that for a few folk this is the first wake-up call that HomeKit isn't 100% secure either. If it makes some of us take a pause and consider before tying another part of our homes to internet-connected hubs it's a good thing in my view.
Connected home tech is in its infancy so while I do trust lights and thermostats and TV's and speakers to one I personally draw the line at a key for the garage or front door. It's a balance scale with convenience on one side and personal/family/community security on the other. There's still proving and securing to do (probably always will be) and rushing out to buy every shiny new IoT device just because might not be wise quite yet.
And I'm a little leery of a smartlock connected to the Internet. I'm also tempted to put my Dots and Hue lights on a separate router and network. Besides assuaging mild paranoia, I might get better reliability out of my smart devices this way, given my throughput in my Mac network is so low.
This very old article alluded to the software quality issue (http://www.nytimes.com/1985/07/04/business/technology-software-fears-on-star-wars.html) as one of the impediments to implementing a large scale missile defense system. Similar concerns about software quality were made when the USS Seawolf SSN-21 combat system was being built because it was estimated to contain about 4 million lines of code. While software testing and defect removal efficiency has improved quite a bit since 1985 the size of software systems has grown much larger than anticipated. Fault injection rates by programmers have probably improved (lowered) as well and is helped by reuse of standard components. But the killer here is size and complexity. I've seen estimates of greater 50 million lines of code for Windows 10 and more than 85 million lines of code for macOS. So if either of these systems were used as front-ends for a missile defense system that itself was estimated to grow to beyond 100 million lines of code in 1985 I'd imagine the cumulative number of lines of code in a complex system would easily grow well into the hundreds of millions so even the best software development organizations would still end up injecting hundreds of thousands of defects and the system would ship with many tens of thousands of bugs (or more technically - anomalies) still in the code base. Sounds scary, but it's very typical with shipping software today. The reason I said anomalies is that anything in the code that does not "work as intended" is an anomaly and the vast majority of these do not cause instability, crashes, or security holes.
My argument is that something seems to have shifted at Apple that has made this kind of thing more common in recent years. Does that mean it's worse than everything else out there, or that the sky is falling? Of course not... but my Mac also isn't sitting in some office building with critical private info on it. For such a person, it could be much worse.
Yes, that's the game they are playing. Fill the DB with enough example cases and hope to come out statistically on top. The problems are a few, though. First, you're still going to have all of the above on the roads WITH these AI cars that won't necessarily know how to react to them. Second, if we were able to clean these things from the roads, would the AI cars (in theory) still be superior?
Maybe we should focus a bit more on fixing the actual problem... and then employ AI and sensor technology to make it even better yet. It's like we're just throwing up our hands and picking the lesser of evils while watching the behavior of humanity sink unchallenged into the abyss.
Possibly... should it be?
I think it's somewhat a false assumption the code is actually more complex. More broad maybe, a bigger system, and less checked across the whole. But, that would seem to be an addressable issue. I'm not sure that would be code complexity, though.
Imagine the iPhone compared to the original Apple I or II computer? The iPhone is clearly worlds above those machines in terms of complexity on every level, and yet these devices are less difficult for customers to use despite having a lot more of everything for them to do.
My point being that it might be the system or project management that is what is increasing more in complexity than the code that is the problem. And, that's fixable (not just an 'oh well, nothing we can do about it because it's more complex, so by nature, it will have more problems').
We're essentially trusting Apple on that one, I guess. It's not necessarily conspiracy theory though, as we know it has happened with other software projects and is the intention of various agencies. The question is more if Apple *would* stop them and/or if Apple knows about them if they are there.
So, when Tesla just made the Model S, their overall production was more simple than it is now that they have to juggle the S, X, 3, upcoming Roadser development, etc. But, because they added more models and made the whole more complex, that doesn't mean the S increased in complexity necessarily. So, the problem isn't that the S has suddenly become more complex, but the management of the overall production of multiple models has become more complex.
My point, if that's somewhat analogous to Apple, is that it's more of a project management and process problem than one of direct complexity. And, if so, there is something they can do to address it. It isn't like now that its state of complexity has gone up, only the top 10% of programmers can understand and work on it, vs previously only the top 50% could.