Club PA 2.0 has arrived! If you'd like to access some extra PA content and help support the forums, check it out at patreon.com/ClubPA
The image size limit has been raised to 1mb! Anything larger than that should be linked to. This is a HARD limit, please do not abuse it.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

[macOS] Sierra is Online. "Hey Siri, I need to get rid of a body."

19192939496

Posts

  • emp123emp123 Registered User regular
    edited August 2017
    Has anyone had a problem with a Retina MBP (I'm on a 2016 if it matters) where brightness auto adjust raises the contrast or something and makes everything look bleached? I dont know if its my screen or a software issue, but I think its tied to auto adjust since disabling it restores correct contrast.

    EDIT: Oddly, I've only just noticed this today, but I havent installed an update in a while. Seems weird that software would just all of a sudden make changes like that without my input or a software update or something.

    emp123 on
    camo_sig2.png
  • Baron DirigibleBaron Dirigible Registered User regular
    edited August 2017
    Is ... is this how 2FA is supposed to work?

    ml7jqKz.png?1

    Baron Dirigible on
    Perfection is achieved not when there is nothing more to add, but when there is nothing left to take away.
    wanderingthatassemblyguybowen
  • RothgarrRothgarr Registered User regular
    What drives me nuts about that is, between the family members in my home and all their devices, my Mac, iPhone, and iPad are are always popping up with notifications whenever they want to download something since mine is the main account. And they all have at least two Apple devices. I * think * it's only supposed to do it once for each device? Seems like it happens more frequently.

    Get 1000 free miles of charging at 13,000+ Tesla Superchargers using my code! https://ts.la/peter74761

    http://www.prwmusic.com | PSN: TurgidWilly
  • syndalissyndalis Getting Classy On the WallRegistered User, Loves Apple Products regular
    Is ... is this how 2FA is supposed to work?

    ml7jqKz.png?1

    yeah, you are on a trusted device you own that you established can be used to validate two factor, and you are going through a website prompt.

    the website does not know that you are on that trusted device.

    For instance, I can put my username and password into google on my iphone, then go over to my authenticator app on the same phone and get the code.

    Or get a text message on that phone to validate I am who I am.

    SW-4158-3990-6116
    Let's play Mario Kart or something...
    Uselesswarriorhtm
  • UselesswarriorUselesswarrior Registered User regular
    edited August 2017
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    Uselesswarrior on
    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • ZiggymonZiggymon Registered User regular
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    If you look about you can get the LG thunderbolt 3 monitors for MacOS refurbished at a good discount, It was much much better discount when Apple still had the money off USB C stuff and people were returning the first run of monitors. I managed to get the 21 inch 4K version for £189 refurb back in Feb, now a new one is close to £700.

    Otherwise there is a lot of really good new monitors coming forth and the new OS update is including support for those external GPU boxes like Razor make. So what might be worth doing is getting a standard high spec iMac or MacBook Pro and buying the GPU of choice for gaming depending on how much the iMac Pro costs?

    I have REZ for the Dreamcast PAL for sale £35. Other Excellent retro games for sale PM for details
  • a5ehrena5ehren AtlantaRegistered User regular
    FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.

    I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.

  • htmhtm Registered User regular
    edited August 2017
    a5ehren wrote: »
    FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.

    I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.

    I think it'll be fine at gaming for some definition of "fine". It will basically be an X299 box (precisely, the Xeon counterpart to Skylake-X/X299) with an AMD Vega GPU running a 5K display. So CPU/GPU performance will be high-end but not the highest end. It's the the 5K display that will cause problems for gaming. It's simply too much for any GPU. Thus, you'd probably want to pick up a second lower resolution display to game on, which in the context of buying an iMac Pro, would probably be pretty cheap.

    htm on
  • UselesswarriorUselesswarrior Registered User regular
    htm wrote: »
    a5ehren wrote: »
    FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.

    I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.

    I think it'll be fine at gaming for some definition of "fine". It will basically be an X299 box (precisely, the Xeon counterpart to Skylake-X/X299) with an AMD Vega GPU running a 5K display. So CPU/GPU performance will be high-end but not the highest end. It's the the 5K display that will cause problems for gaming. It's simply too much for any GPU. Thus, you'd probably want to pick up a second lower resolution display to game on, which in the context of buying an iMac Pro, would probably be pretty cheap.

    You can always scale the resolution down. I do that all the time on my MacBook Pro and the screen still looks better the my native 1080p Dell Ultrasharp.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
    htm
  • maximumzeromaximumzero I...wait, what? New Orleans, LARegistered User regular
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.

    FU7kFbw.png
    Switch: 6200-8149-0919 / Wii U: maximumzero / 3DS: 0860-3352-3335 / eBay Shop
    a5ehren
  • UselesswarriorUselesswarrior Registered User regular
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.

    Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • syndalissyndalis Getting Classy On the WallRegistered User, Loves Apple Products regular
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.

    Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.

    If you are able to wait one more year on this, I would suggest checking out whatever Mac Pro was promised by Cook earlier this year for a 2018 release.

    It is (supposedly) a callback to the classic Mac Pro / G5 towers of yore, with normal expansion capabilities.

    I am sure it will also be v expensive, but the ability to buy a very nice 5K monitor and have it for the next machine as apoosed to attached to your workstation will be a nice bonus.

    Plus the ability to drop a whatever is passing for a 1080GTX in 2018 instead of a Radeon Fire.

    SW-4158-3990-6116
    Let's play Mario Kart or something...
  • htmhtm Registered User regular
    I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.

    God help me I keep looking at that iMac Pro page.

    You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.

    Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.

    The iMac Pro will actually be competitively priced vs. a DIY PC using comparable parts: Apple's new iMac Pro costs $5000, but is it overpriced?

    The parts list that PCGamer is using there to approximate what Apple will ship is sort of bone-headed for a few components, but the essential point of the article is basically correct. An iMac Pro isn't cheap, but it's cheaper than a DIY machine that matches it specs.

    I'm also in the market for a new workstation-ish machine (that I'll also use for PC gaming), and I actually think I'm going to try to build a Hackintosh. Even though I think that iMac Pro will be a pretty great machine, I don't really want to get locked into a Vega GPU and a display that's not really great for gaming. I also don't want to wait till next year on the new modular Mac Pro. The Hackintosh community has Sierra up and running on Skylake-X/X299 already: Skylake-X/X299 - Live the Future now on macOS Sierra 10.12 - [Successful Build/Extended Guide].

    If High Sierra is solid on SKL-X/X299 Hackintoshes by the time the SKL-X CPUs are out at the end of October, I'll build a 14- or 16-core Hackintosh.

  • UselesswarriorUselesswarrior Registered User regular
    I wonder how much external GPUs will mitigate not being able to upgrade the Vega.

    Because honestly that is the one thing I update. Ever since I started building machines I never touch the cpu \ motherboard, I consider that new build terrority. I used to upgrade ram fairly regularly but that really doesn’t move forward at the same pace anymore. Basically the GPU is the one part I want to be able to upgrade, because a lot happens to GPUs in 4 years.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • tyrannustyrannus Registered User regular
    edited September 2017
    oops, this is the wrong thread!

    tyrannus on
  • kaliyamakaliyama Left to find less-moderated fora Registered User regular
    edited October 2017
    Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.

    kaliyama on
    fwKS7.png?1
  • RothgarrRothgarr Registered User regular
    edited October 2017
    kaliyama wrote: »
    Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.

    Not sure if it helps, but I'm using a 2.9 GHz Macbook Pro (15" with touch bar) and I find no lag in Photoshop. That's all while the Macbook is driving THREE external 24" displays (for a total of four displays). So this thing is plenty fast. I have 16 GB RAM.

    Rothgarr on
    Get 1000 free miles of charging at 13,000+ Tesla Superchargers using my code! https://ts.la/peter74761

    http://www.prwmusic.com | PSN: TurgidWilly
  • ZiggymonZiggymon Registered User regular
    Rothgarr wrote: »
    kaliyama wrote: »
    Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.

    Not sure if it helps, but I'm using a 2.9 GHz Macbook Pro (15" with touch bar) and I find no lag in Photoshop. That's all while the Macbook is driving THREE external 24" displays (for a total of four displays). So this thing is plenty fast. I have 16 GB RAM.

    From about 2007 onwards the biggest bottleneck was the HDD, when people changed to a SSD and apple went with its Flash memory version the systems went super fast. There is also the fact that the GPU on the Pro models are optimised for workloads rather than gaming. RAM is pretty low down on the list. I was able to edit quite well with Photoshop CC on a 2013 MacBook Air with 4GB Ram and even Lightroom.

    I have REZ for the Dreamcast PAL for sale £35. Other Excellent retro games for sale PM for details
  • EchoEcho Moderator mod
    Now this is one heck of a bug. New macOS High Sierra vulnerability exposes the password of an encrypted APFS container

    Seems like Disk Utility stores the password as the password hint when setting the password. Oops?

    Echo wrote: »
    Let they who have not posted about their balls in the wrong thread cast the first stone.
  • MercadeMercade Registered User regular
    Ugh. Note to self: stop installing x.0 versions. Always give it a couple months.


  • Descendant XDescendant X Hank Facepunch Registered User regular
    Echo wrote: »
    Now this is one heck of a bug. New macOS High Sierra vulnerability exposes the password of an encrypted APFS container

    Seems like Disk Utility stores the password as the password hint when setting the password.

    So what does this mean for the rest of us?

    Something used to be here. It's gone now.
  • physi_marcphysi_marc Positron Tracker Registered User regular
    Echo wrote: »
    Now this is one heck of a bug. New macOS High Sierra vulnerability exposes the password of an encrypted APFS container

    Seems like Disk Utility stores the password as the password hint when setting the password.

    So what does this mean for the rest of us?

    Nothing. It's been fixed already.

    3DS Friend Code: 3952-7043-7606
    Switch Friend Code: 3102-5341-0358
    Nintendo Network ID: PhysiMarc
  • UselesswarriorUselesswarrior Registered User regular
    Echo wrote: »
    Now this is one heck of a bug. New macOS High Sierra vulnerability exposes the password of an encrypted APFS container

    Seems like Disk Utility stores the password as the password hint when setting the password. Oops?

    I find this post kind of hilarious in light of the no password root issue. Like we thought that was bad at the time.

    OSX has been having some growing pains lately.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
    minor incident
  • nexuscrawlernexuscrawler Registered User regular
    OS X has always been shitty on security

    amnesiasoft
  • UselesswarriorUselesswarrior Registered User regular
    OS X has always been shitty on security

    Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.

    What are we comparing it to? Linux distros have had similar bugs.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • LD50LD50 Registered User regular
    OS X has always been shitty on security

    Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.

    What are we comparing it to? Linux distros have had similar bugs.

    Yeah. Apple has a lot of great security tech that it has inherited from being based on BSD, but they're basically the worst of the worst when it comes to 'security through obscurity' with their closed source components. Security industry people have been saying for years (since the release of windows vista, basically) that OSX is by far the most vulnerable of the mainstream OSes and that as it gains popularity users should expect to see more and more critical vulnerabilities.

    amnesiasoft
  • UselesswarriorUselesswarrior Registered User regular
    edited December 2017
    LD50 wrote: »
    OS X has always been shitty on security

    Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.

    What are we comparing it to? Linux distros have had similar bugs.

    Yeah. Apple has a lot of great security tech that it has inherited from being based on BSD, but they're basically the worst of the worst when it comes to 'security through obscurity' with their closed source components. Security industry people have been saying for years (since the release of windows vista, basically) that OSX is by far the most vulnerable of the mainstream OSes and that as it gains popularity users should expect to see more and more critical vulnerabilities.

    What is fundamentally flawed about the security model? Like you said, it's based in Unix style security model. What did Apple change that made it more vulnerable?

    Apple has actually been going out of their way to lock down certain aspect of macOS to a degree that I haven't seen in Linux and Windows. You basically have to have physical access to the machine to disable it.

    Additionally they strongly steer users to their App Store which has apps that are signed and take advantage of extensive sandboxing.

    While High Sierra has had a few rough security holes, my read on them is that they weren't symptomatic of a flawed security model, like say, the security flaws in pre-NT / 2000 era Windows were.

    Uselesswarrior on
    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • LD50LD50 Registered User regular
    The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.

    The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).

    A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.

  • htmhtm Registered User regular
    LD50 wrote: »
    The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.

    The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).

    A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.

    I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.

    And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.

    All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.


    Uselesswarrior
  • LD50LD50 Registered User regular
    edited December 2017
    htm wrote: »
    LD50 wrote: »
    The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.

    The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).

    A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.

    I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.

    And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.

    All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.


    The real bad thing about the root bug is that the existence of that bug means they're probably not doing any unit testing and that is a big red flag and exactly the problem that security researchers have been talking about.

    The HomeKit bug was less about the bug itself but their response to it. There was zero response to fixing a pretty critical bug until it got to their PR department. They don't give a shit about security bugs unless they're in the public eye. That is a serious cultural problem, which to me suggests that the state of their security development isn't going to improve unless the culture changes.

    LD50 on
  • EchoEcho Moderator mod
    I work in IT security. That's the culture of a good two thirds of the IT business.

    Echo wrote: »
    Let they who have not posted about their balls in the wrong thread cast the first stone.
    LD50thatassemblyguy
  • LD50LD50 Registered User regular
    Echo wrote: »
    I work in IT security. That's the culture of a good two thirds of the IT business.

    Yeah, but I hold Apple to a higher standard.

    Echo
  • RothgarrRothgarr Registered User regular
    LD50 wrote: »
    Echo wrote: »
    I work in IT security. That's the culture of a good two thirds of the IT business.

    Yeah, but I hold Apple to a higher standard.

    Sort of like Hebrew National hotdogs

    Get 1000 free miles of charging at 13,000+ Tesla Superchargers using my code! https://ts.la/peter74761

    http://www.prwmusic.com | PSN: TurgidWilly
    Uselesswarrior
  • UselesswarriorUselesswarrior Registered User regular
    LD50 wrote: »
    htm wrote: »
    LD50 wrote: »
    The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.

    The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).

    A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.

    I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.

    And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.

    All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.


    The real bad thing about the root bug is that the existence of that bug means they're probably not doing any unit testing and that is a big red flag and exactly the problem that security researchers have been talking about.

    The HomeKit bug was less about the bug itself but their response to it. There was zero response to fixing a pretty critical bug until it got to their PR department. They don't give a shit about security bugs unless they're in the public eye. That is a serious cultural problem, which to me suggests that the state of their security development isn't going to improve unless the culture changes.

    Jumping to the conclusion that they aren’t unit testing is quite the leap.

    Actually, based on this write up, https://objective-see.com/blog/blog_0x24.html, it sounds like more the problem wouldn’t have been caught by unit tests, it’s more what an integration test would catch.

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
    htmthatassemblyguy
  • RothgarrRothgarr Registered User regular
    Dayum, unlocking my Macbook Pro with my Apple Watch is way cooler than using the fingerprint sensor on the touch bar. I had no idea it could do that.

    Get 1000 free miles of charging at 13,000+ Tesla Superchargers using my code! https://ts.la/peter74761

    http://www.prwmusic.com | PSN: TurgidWilly
    wandering
  • minor incidentminor incident Helen Keller to the bullshit Registered User regular
    Rothgarr wrote: »
    Dayum, unlocking my Macbook Pro with my Apple Watch is way cooler than using the fingerprint sensor on the touch bar. I had no idea it could do that.

    My wife loves that, too. It IS a pretty great feature. I just wish they'd get on the Android Smart Lock train and let your Apple Watch unlock your iPhone, because Face ID sure is a bit of a dog.

    Steam: minor incident || PSN: inter-punct
    You may not find all that you're after. In the end I hope it doesn't matter.
    Rothgarr
  • thatassemblyguythatassemblyguy RESIST. Registered User regular
    Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)

    is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.

  • KPCKPC Registered User regular
    Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)

    is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.

    I use Ghostery and Adblock. Gets most of them, I think.

    thatassemblyguy
  • thatassemblyguythatassemblyguy RESIST. Registered User regular
    KPC wrote: »
    Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)

    is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.

    I use Ghostery and Adblock. Gets most of them, I think.

    I ended up downloading Firefox for Mac OS. It was really bugging me that Safari didn't have something more granular than "turn off all javascript". There was one extension I found, but it seemed not as well vetted as noscript (of which there is no Safari version).

  • htmhtm Registered User regular
    Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)

    is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.

    I've used 1Blocker, Ka-Block, and AdGuard, all of which take advantage of Safari's native-side content blocking features instead of being pure JavaScript. Not sure about something like noscript, though.

Sign In or Register to comment.