macplusplus

About

Username
macplusplus
Joined
Visits
296
Last Active
Roles
member
Points
3,141
Badges
1
Posts
2,119

Reactions

2KLike4Dislike240Informative

  • Activist group occupies French Apple stores in protest of unpaid Irish taxes

    macplusplusmacplusplus
    For years, loopholes in Irish tax law allowed Apple to funnel billions in international revenue through the country while paying a minute fraction in taxes -- as little as 0.005 percent in 2014. Apple and the Irish government have denied any wrongdoing, but last year a European Commission investigation concluded that Ireland extended preferential state aid, something illegal under E.U. law.
    "Those were US' revenues, so the taxes are to be paid to the US and we'll pay..." That is Apple's point on this tax issue as I understand, not "funnel" or "loopholes" as you misguidedly claim.
    racerhomienetmage

  • Apple software sees disastrous, embarrassing week with iOS springboard crash, macOS root u...

    macplusplusmacplusplus
    nhughes said:
    Supposedly the flaw was publicized on Apple’s developer forums months ago, over the summer. It just didn’t get wide publicity until Tuesday. [...]
    No it wasn't publicized. There are established bug and vulnerability reporting channels. The guy who suggested it as a solution in a forum has been severely brushed by other members of the forum for not reporting that zero-day to Apple and the dude had to defend himself. And some other dude tried it, then he noticed it was already mentioned in that forum but still not cured, and he decided to go loud on Twitter. [...]
    Yes. If anyone catches heat for this, it will be the people who oversee the Developer and AppleSeed forums and reporting channels. Apple should have known about it, but didn't. Something went wrong there. 

    I used to be a regular AppleSeed participant on the permanent list, back in the day, due to my particular knowledge of Chinese-language computing -- I don't have time to do it these days and I don't get the invitations anymore, but reporting bugs (and testing fixes) was our sole purpose. But this discovery was in a developer forum, where the priorities are a little different. Still, it should have been reported, and I guess maybe that didn't happen?

    If it was reported in the proper channels, but was ignored, then that's a big problem. How did the guy who first found it defend himself? By saying he did in fact report it? Have the developer forums and reporting mechanisms gotten so big and unwieldy that something as serious as this can get lost in the noise?
    The last guy is a web developer. The first guy apparently draws a low profile. Both of them may not be seasoned macOS/iOS developers. Web and Mac development cultures are significantly different. They may not be aware of the proper bug submission channels of Apple, if they used whatever "Contact Us" form they found being informed of the bug and cataloguing it may take more time than with the appropriate channels. Anyway, let's be realistic: do we read every message in Apple support forums besides going from page to page with quick glances? In a general discussion forum and in a loose-leaf talk the moderator may have failed to notice it, unless that forum is specifically dedicated to bug reporting, which is not.
    randominternetperson

  • Updating to latest macOS 10.13.1 disables Apple's 'root' bug patch

    macplusplusmacplusplus
    So, what's wrong with that? The update and the bug both work as expected. One will install 10.13.1 first, then install Security Update 2017-001 over that, else macOS will already automatically install the security update on 10.13.1. Apple should stick to the released build number and should not distribute the "corrected" one with a different build number: that would create huge confusions among users and support staff. This is how it works in Windows or other software too.
    randominternetpersonracerhomie

  • Apple says fix incoming for macOS High Sierra root access bug

    macplusplusmacplusplus
    Rayz2016 said:
    Actually the enabling of root and even its compromise is no longer as critical as it sounds because Apple has introduced the "rootless" mode with El Capitan. Officially this is called "System Integrity Protection" and disabling it is not a trivial task. All critical root functions are assigned to processes signed by Apple. So, don't worry, you cannot be your machine's "root" even if you enable the Root user, no one can be. Apple itself is your machine's actual "root" user since El Capitan.

    https://support.apple.com/en-us/HT204899

    There are lot critical functions that fall outside the low level systems that this doesn’t cover. Being able to remote access into the machine for one thing. 
    Remote Access doesn’t require root privileges. ssh doesn’t allow root login with blank password. The Remote Access intruder must still be on the machine to enable root first.

    Of course it is not harmless. But it is not as harmful as previous root escalations. This vulnerability just provides a more privileged admin account one can login without password, that’s it. That puts mostly users' files and privileges at risk (including iCloud) but not the protected base of the system.

    It is worth noting that, as Apple puts it, System Integrity Protection mostly protects against malware modifications. Interactive modifications by such a "root user" may still create significant damage.
    dysamoria

  • 'Hey Siri' may come to iMac Pro with rumored inclusion of A10 Fusion co-processor

    macplusplusmacplusplus
    dougd said:
    Does anyone actually use Siri ? I don't 
    For locating people, making calls, sending messages, as a calculator, currency conversion... I almost never use the dial pad or Contacts app to make calls, it is always Siri.
    chiawatto_cobra