TR Forums

FFS!!!!

"There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check."

https://www.macrumors.com/2017/11/28/ma ... in-access/

lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

But I thought Macs were immune to security issues?!1?

</Sarc>

K-L-Waster wrote:

But I thought Macs were immune to security issues?!1?

</Sarc>

If you're a Mac user, don't you just close your eyes, put your fingers in your ears and shout "I love Apple" repeatedly to drown out any other noises? Nothing gets in so the user is secure.

derFunkenstein wrote:

lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?

Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

Topinio wrote:

derFunkenstein wrote:

lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?

I feel vindicated for not messing with a functional production environment just because Apple nags me to upgrade the OS to the latest version, so if that's true for me I think you're clear.

Apple's all about UI design. Rooting made simple!

derFunkenstein wrote:

Topinio wrote:

derFunkenstein wrote:

lulz.

Sierra 10.12.6 is not affected, so this is just a High Sierra issue only. Not that anybody's going to root my Mac, but it's nice to be behind the curve right now.

Is it wrong to feel vindicated that my Mac upgrade window opens on the release of 10.x.2 ?

I feel vindicated for not messing with a functional production environment just because Apple nags me to upgrade the OS to the latest version, so if that's true for me I think you're clear.

I've been testing High Sierra since the WWDC dev release. I just migrated our staff to it. FFS Apple!!!

Concupiscence wrote:

Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.

F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.

SkyWarrior wrote:

F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.

DO IT

- not an Apple basher, but I have ended up installing Linux on every Mac I've ever owned.

End User wrote:

SkyWarrior wrote:

F... apple.

I just changed the root password to be safe from this crap.

I am tempted to clean format the harddrive and install ubuntu instead onto this mac mini.

DO IT

I will ... on the day when I can no longer receive any normal software updates but for now system is too convoluted to format. Lots of dev tools and config files along with standalone DB files integrated to run analysis.

I may try to convince my boss to get me a lean mean desktop machine to replace this mini. Then I will be the ubuntu king on the block here

I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.

Updated to High Sierra last night on my work computer after hearing this, it's confirmed working after entering credentials twice. Hilarious. Actually after becoming root I realized work let me be a full admin anyway, so root is moot for me, but I still can't believe this slipped through and no patch was available as of last night.

God bless Apple security.

just brew it! wrote:

I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

I hope a certain someone does not find out.

End User wrote:

just brew it! wrote:

I would've installed Ubuntu or Debian on my work MBP long ago, except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN. I spend 99% of my time in a Debian VM anyway; our product is Linux-based, so that's the most natural development environment.

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

Not really. We are a ~300 person business unit of a large multi-national corporation. Barely a wart on the little finger of the behemoth that is our parent. We don't have a lot of say in the corporate IT decision-making process.

Last time I checked, there actually were a couple of distros that were approved for "primary workstation" use, but they came with some caveats (among them the fact that they were outdated versions of Redhat and Ubuntu, certain internal intranet functionality was broken, and IIRC you had to go through an internally approved mirror to install/update packages instead of going directly to the distro's repos). At that point I decided the path of least resistance was to use a VM on my MBP, and (for things that require native Linux running on the bare metal) set up a separate development box running stock Debian, which is exempt from the more onerous IT requirements by virtue of the fact that it isn't used as a "primary workstation".

JBI wrote:

except that it is not compatible with the IT-mandated security suite we have to run in order to be allowed on the corporate VPN.

Ahhhh, that "old familiar pain".

End User wrote:

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

Man your planet must rock.

End User wrote:

I hope a certain someone does not find out.

LOL, why would he care? The head of the Linux Foundation uses MacOS.

(btw that finger was actually for Nvidia, and it's only more deserved now).

End User wrote:

Concupiscence wrote:

Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.

Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.

Glorious wrote:

End User wrote:

I hope a certain someone does not find out.

LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Glorious wrote:

btw that finger was actually for Nvidia

Concupiscence wrote:

End User wrote:

Concupiscence wrote:

Gosh. It's almost like deprioritizing your former halo product family and turning it into a begrudgingly updated authentication dongle for iOS development was a stupid idea for the richest company in the world.

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.

Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.

While the bug is bad you're taking it a bit to far.

The Mac is doing just fine.

Glorious wrote:

End User wrote:

Your companies product is Linux based yet they don’t run Linux internally? Your IT department is odd.

Man your planet must rock.

Come on. It is a tad amusing.

just brew it! wrote:

a wart on the little finger

Chrispy_ wrote:

If you're a Mac user, don't you just close your eyes, put your fingers in your ears and shout "I love Apple" repeatedly to drown out any other noises? Nothing gets in so the user is secure.

Those are the "switchers".

End User wrote:

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Linus isn't the head of the Linux Foundation, he's not on the leadership team or even the board.

He's a fellow.

According to the 2015 990, yes, Torvald's the most compensated employee, with the macOS-using executive director Jim Zemlin being the second-most.

And yes, Jim Zemlin (in)famously uses macOS, up to the present day, and has done so unapologetically for years.

https://linux.slashdot.org/story/17/09/ ... rce-summit

EDIT: and yes, the finger was for Nvidia. It's not pedantry, you were implying that Linus would be mad over people using proprietary software. LOLNAW: he used bitkeeper for years until Tridgell tipped his hand. Only then did they make the effort to create git.

He was mad over hardware support. Not the same thing.

And, btw, developers on MBPs with native OS is "odd"? lolwut? This planet of yours is not ours, yet again.

End User wrote:

Concupiscence wrote:

End User wrote:

That seems a tad harsh. The Mac sells roughly 20 million units a year. It's not chump change.

Tell that to Apple's decision makers, and remind me when they bother updating their system in a way that doesn't suggest their ongoing updates amount to hand-me-downs from iOS development.

While the bug is bad you're taking it a bit to far.

The Mac is doing just fine.

The hardware's swell. My complaint isn't there (and I'm really glad they finally, FINALLY moved beyond HFS+); it just feels like they're putting way too little effort into the OS their entire software ecosystem hinges on.

End User wrote:

Glorious wrote:

LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Yup! And just two months ago during his presentation for '2017 is the year of the Linux Desktop' lol!
It was actually all over Slashdot.

https://linux.slashdot.org/story/17/09/ ... rce-summit

https://www.youtube.com/watch?v=3f8FPnAsIJ4

End User wrote:

Glorious wrote:

End User wrote:

I hope a certain someone does not find out.

LOL, why would he care? The head of the Linux Foundation uses MacOS.

He does? In 2017? Any proof? He had been using a 2016 Dell XPS13 Developer Edition as far as I knew. Before that he used a Sony Vaio Pro 11.

Linus is not the head of the Linux Foundation.

End User wrote:

Glorious wrote:

btw that finger was actually for Nvidia

Why the ? It was explicitly stated that he was giving Nvidia the finger at the time.