undefined | Better HN

0 pointstestvox8y ago0 comments

But everyone can fix this problem by setting a root password. So telling everyone is the right call. Otherwise people would be sitting vulnerable while Apple comes up with a patch.

0 comments

openasocket8y ago

But a tweet isn't really the most effective way to tell everyone. Technical people, including those who would use this vulnerability for malice, will find out far far sooner than my grandmother.

It seems to me the right thing to do is to tell Apple privately, tell them to either push a fix or put out some kind of release letting all their customers know how to mitigate this in the next, say, 3 days, or I'll just tweet about it. What's the downside? At the worst case, you just prolonged the status quo for another 3 days.

thomastjeffery8y ago

It's not the most effective, but that doesn't make it bad, or malicious.

openasocket8y ago

I agree this person isn't malicious, certainly. But I do think his decision was bad. Not "bad" in the moral sense, but "bad" in the sense of being sub-optimal.

1 more reply

j / k navigate · click thread line to collapse

0 comments

openasocket8y ago

But a tweet isn't really the most effective way to tell everyone. Technical people, including those who would use this vulnerability for malice, will find out far far sooner than my grandmother.

thomastjeffery8y ago

It's not the most effective, but that doesn't make it bad, or malicious.

openasocket8y ago

I agree this person isn't malicious, certainly. But I do think his decision was bad. Not "bad" in the moral sense, but "bad" in the sense of being sub-optimal.

1 more reply

j / k navigate · click thread line to collapse