Personal computing discussed

Moderators: David, Thresher

 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Serious bug in macOS High Sierra

Tue Nov 28, 2017 3:57 pm

FFS!!!!

"There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check."

https://www.macrumors.com/2017/11/28/ma ... in-access/
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 23840
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 4:02 pm

lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
 
K-L-Waster
Gerbil Team Leader
Posts: 208
Joined: Thu Feb 12, 2015 8:10 pm

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 4:27 pm

But I thought Macs were immune to security issues?!1?

</Sarc>
Main System: i7-8700K, ASUS ROG STRIX Z370-E, 16 GB DDR4 3200 RAM, MSI GTX 1080 TI, 1 TB CRUCIAL MX500, Corsair 550D

HTPC: I5-4460, ASUS H97M-E, 8 GB RAM, GTX 970, CRUCIAL 256GB MX100, SILVERSTONE GD09B
 
Chrispy_
Gold subscriber
Maximum Gerbil
Posts: 4104
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 5:23 pm

K-L-Waster wrote:
But I thought Macs were immune to security issues?!1?

</Sarc>


If you're a Mac user, don't you just close your eyes, put your fingers in your ears and shout "I love Apple" repeatedly to drown out any other noises? Nothing gets in so the user is secure.
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
Topinio
Graphmaster Gerbil
Posts: 1345
Joined: Mon Jan 12, 2015 9:28 am
Location: London

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 5:26 pm

derFunkenstein wrote:
lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?
Desktop: E3-1270 v5, X11SAT-F, 32GB, RX Vega 56, 250GB BX100, 2TB Ultrastar, Xonar DGX, XL2730Z + G2420HDB
HTPC: i5-2500K, DH67GD, 6GB, GT 1030 SC, 250GB BX100, 1.5TB Barracuda, Xonar DX
Laptop: MacBook6,1
 
Concupiscence
Gerbil Elite
Posts: 520
Joined: Tue Sep 25, 2012 7:58 am
Location: Dallas area, Texas, USA

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 5:29 pm

Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.
Workstation: Ryzen 1700, 16 gigs RAM, GTX 1050 Ti, Win10 Pro x64
HTPC: i3 4170, 8 gigs RAM, Geforce GTX 750 Ti, Windows 8.1 x64
Mac Pro 3,1: Dual Xeon e5462s, 14 gigs RAM, Radeon 2600XT, El Capitan
 
derFunkenstein
Gold subscriber
Gerbil God
Posts: 23840
Joined: Fri Feb 21, 2003 9:13 pm
Location: Comin' to you directly from the Mothership

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 6:04 pm

Topinio wrote:
derFunkenstein wrote:
lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?

I feel vindicated for not messing with a functional production environment just because Apple nags me to upgrade the OS to the latest version, so if that's true for me I think you're clear. :D
I do not understand what I do. For what I want to do I do not do, but what I hate I do.
 
just brew it!
Gold subscriber
Administrator
Posts: 49730
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 6:28 pm

Apple's all about UI design. Rooting made simple!
Nostalgia isn't what it used to be.
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 9:37 pm

derFunkenstein wrote:
Topinio wrote:
derFunkenstein wrote:
lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?

I feel vindicated for not messing with a functional production environment just because Apple nags me to upgrade the OS to the latest version, so if that's true for me I think you're clear. :D

I've been testing High Sierra since the WWDC dev release. I just migrated our staff to it. FFS Apple!!!
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Tue Nov 28, 2017 9:38 pm

Concupiscence wrote:
Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
SkyWarrior
Gerbil
Posts: 24
Joined: Wed Jun 21, 2006 10:27 pm
Location: Turkey

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 12:22 am

F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.
Rare is common where I work...
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 12:24 am

SkyWarrior wrote:
F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.

DO IT
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
hrsetrdr
Gerbil
Posts: 10
Joined: Sat Jan 26, 2008 4:59 pm

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 1:06 am

- not an Apple basher, but I have ended up installing Linux on every Mac I've ever owned.
 
SkyWarrior
Gerbil
Posts: 24
Joined: Wed Jun 21, 2006 10:27 pm
Location: Turkey

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 4:33 am

End User wrote:
SkyWarrior wrote:
F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.

DO IT

I will ... on the day when I can no longer receive any normal software updates but for now system is too convoluted to format. Lots of dev tools and config files along with standalone DB files integrated to run analysis.

I may try to convince my boss to get me a lean mean desktop machine to replace this mini. Then I will be the ubuntu king on the block here :)
Rare is common where I work...
 
just brew it!
Gold subscriber
Administrator
Posts: 49730
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 5:50 am

I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.
Nostalgia isn't what it used to be.
 
Duct Tape Dude
Gold subscriber
Gerbil Elite
Posts: 586
Joined: Thu May 02, 2013 12:37 pm

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 6:17 am

Updated to High Sierra last night on my work computer after hearing this, it's confirmed working after entering credentials twice. Hilarious. Actually after becoming root I realized work let me be a full admin anyway, so root is moot for me, but I still can't believe this slipped through and no patch was available as of last night.

God bless Apple security.
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 7:13 am

just brew it! wrote:
I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

I hope a certain someone does not find out.
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
just brew it!
Gold subscriber
Administrator
Posts: 49730
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 7:35 am

End User wrote:
just brew it! wrote:
I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

Not really. We are a ~300 person business unit of a large multi-national corporation. Barely a wart on the little finger of the behemoth that is our parent. We don't have a lot of say in the corporate IT decision-making process.

Last time I checked, there actually were a couple of distros that were approved for "primary workstation" use, but they came with some caveats (among them the fact that they were outdated versions of Redhat and Ubuntu, certain internal intranet functionality was broken, and IIRC you had to go through an internally approved mirror to install/update packages instead of going directly to the distro's repos). At that point I decided the path of least resistance was to use a VM on my MBP, and (for things that require native Linux running on the bare metal) set up a separate development box running stock Debian, which is exempt from the more onerous IT requirements by virtue of the fact that it isn't used as a "primary workstation".
Nostalgia isn't what it used to be.
 
Glorious
Gold subscriber
Grand Admiral Gerbil
Posts: 10303
Joined: Tue Aug 27, 2002 6:35 pm

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 8:36 am

JBI wrote:
except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN.


Ahhhh, that "old familiar pain".

End User wrote:
Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.


Man your planet must rock.
 
Glorious
Gold subscriber
Grand Admiral Gerbil
Posts: 10303
Joined: Tue Aug 27, 2002 6:35 pm

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 8:44 am

End User wrote:
I hope a certain someone does not find out.


LOL, why would he care? The head of the Linux Foundation uses MacOS.

(btw that finger was actually for Nvidia, and it's only more deserved now).
 
Concupiscence
Gerbil Elite
Posts: 520
Joined: Tue Sep 25, 2012 7:58 am
Location: Dallas area, Texas, USA

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 10:23 am

End User wrote:
Concupiscence wrote:
Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.


Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.
Workstation: Ryzen 1700, 16 gigs RAM, GTX 1050 Ti, Win10 Pro x64
HTPC: i3 4170, 8 gigs RAM, Geforce GTX 750 Ti, Windows 8.1 x64
Mac Pro 3,1: Dual Xeon e5462s, 14 gigs RAM, Radeon 2600XT, El Capitan
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:20 am

Glorious wrote:
End User wrote:
I hope a certain someone does not find out.


LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Glorious wrote:
btw that finger was actually for Nvidia

:roll:
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:24 am

Concupiscence wrote:
End User wrote:
Concupiscence wrote:
Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.


Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.

While the bug is bad you're taking it a bit to far.

The Mac is doing just fine.
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:25 am

Glorious wrote:
End User wrote:
Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.


Man your planet must rock.

Come on. It is a tad amusing. :P
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:26 am

just brew it! wrote:
a wart on the little finger

:)
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
End User
Gold subscriber
Minister of Gerbil Affairs
Topic Author
Posts: 2454
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:29 am

Chrispy_ wrote:
If you're a Mac user, don't you just close your eyes, put your fingers in your ears and shout "I love Apple" repeatedly to drown out any other noises? Nothing gets in so the user is secure.

Those are the "switchers".
Threadripper 1950X build parts have arrived - i'm procrastinating on the build :(
 
Glorious
Gold subscriber
Grand Admiral Gerbil
Posts: 10303
Joined: Tue Aug 27, 2002 6:35 pm

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:39 am

End User wrote:
He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.


Linus isn't the head of the Linux Foundation, he's not on the leadership team or even the board.

He's a fellow.

According to the 2015 990, yes, Torvald's the most compensated employee, with the macOS-using executive director Jim Zemlin being the second-most.

And yes, Jim Zemlin (in)famously uses macOS, up to the present day, and has done so unapologetically for years.

https://linux.slashdot.org/story/17/09/ ... rce-summit

EDIT: and yes, the finger was for Nvidia. It's not pedantry, you were implying that Linus would be mad over people using proprietary software. LOLNAW: he used bitkeeper for years until Tridgell tipped his hand. Only then did they make the effort to create git.

He was mad over hardware support. Not the same thing.

And, btw, developers on MBPs with native OS is "odd"? lolwut? This planet of yours is not ours, yet again.
Last edited by Glorious on Wed Nov 29, 2017 11:46 am, edited 1 time in total.
 
Concupiscence
Gerbil Elite
Posts: 520
Joined: Tue Sep 25, 2012 7:58 am
Location: Dallas area, Texas, USA

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:44 am

End User wrote:
Concupiscence wrote:
End User wrote:
That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.


Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.

While the bug is bad you're taking it a bit to far.

The Mac is doing just fine.


The hardware's swell. My complaint isn't there (and I'm really glad they finally, FINALLY moved beyond HFS+); it just feels like they're putting way too little effort into the OS their entire software ecosystem hinges on.
Workstation: Ryzen 1700, 16 gigs RAM, GTX 1050 Ti, Win10 Pro x64
HTPC: i3 4170, 8 gigs RAM, Geforce GTX 750 Ti, Windows 8.1 x64
Mac Pro 3,1: Dual Xeon e5462s, 14 gigs RAM, Radeon 2600XT, El Capitan
 
jihadjoe
Gerbil Elite
Posts: 616
Joined: Mon Dec 06, 2010 11:34 am

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:49 am

End User wrote:
Glorious wrote:
LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.


Yup! And just two months ago during his presentation for '2017 is the year of the Linux Desktop' lol!
It was actually all over Slashdot.

https://linux.slashdot.org/story/17/09/ ... rce-summit

https://www.youtube.com/watch?v=3f8FPnAsIJ4
 
just brew it!
Gold subscriber
Administrator
Posts: 49730
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Serious bug in macOS High Sierra

Wed Nov 29, 2017 11:52 am

End User wrote:
Glorious wrote:
End User wrote:
I hope a certain someone does not find out.

LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Linus is not the head of the Linux Foundation.

End User wrote:
Glorious wrote:
btw that finger was actually for Nvidia

:roll:

Why the :roll:? It was explicitly stated that he was giving Nvidia the finger at the time.
Nostalgia isn't what it used to be.

Who is online

Users browsing this forum: No registered users and 2 guests