I then got a usb c/thunderbolt to display port for 4k 60fps, and the issues significantly dropped, but it still occasionally happens.
But holy hell do they need to work on their external monitor support. Yesterday I had one of my monitors randomly go black for a second. I’ve had audio over usbc just not show up anymore and it refusing to see my gigabit ethernet when waking up unless I unplug the actual ethernet cable. Simply amazing this passed their QA - and Id find it hard to believe no one at Apple uses clamshell mode with two monitors.
Strongly disagree, and I can not conceive of how it could be viewed as "better" than hardware keys. Maybe if they moved it above the FN row and we regained the hardware escape key, while making it a build to order option. Even then, I personally would have no interest in it, and neither would anyone else I know. I do not want to look at my hands while I type, ever.
No problems with my Debian or Win 7 boxes which are presumably on the same switch
This was one of the reasons I never adopted Linux on a laptop. Power management simply never worked. I used Windows for many years on a ThinkPad with Linux in a VM but this felt dirty. Bought a Mac and life was good. Well it was until 10.13. 50% of wake up events I have to log in to a trashed desktop now.
It makes me long for a computer nailed to a bit of ethernet that is never turned off.
Edit: also I just went through hell trying to get a USB to serial converter working on OSX. Not exactly a crap one, a Keysight U1173B with Prolific chipset.
I invested $15 in stay https://cordlessdog.com/stay/
I would not say the problem is solved (it's not going to solve artifacts, etc), but it helped me.
If the Woodway treadmills at the Palo Alto Equinox had the same uptime as my Macbook Pro, I don't think certain Apple execs would be happy.
The reality is that Apple's software is absolute shit. OS X was the only software that wasn't shit. I can't think of a single counterexample otherwise. They take great software (like logic audio) and turn it to shit. It's incredible. Clearly macos follows in the shit tradition of iTunes, the legendary mother of Apple's shit software.
Super frustrating when I I sit down and wake up the machine to find both displays flashing. Usually unplugging the LG clears things up, but replugging often results in the brightness on one display being set randomly.
Perhaps, if the entire tech community regards Apple as a joke, they will start paying attention.
“Responsible disclosure” is great stuff for creating a culture of free outsourcing of tech companies’ most imporant feature (security) to the same people that paid those companies thousands of dollars for that privilege.
Only by casual hackers. The pros will probably have been exploiting the flaw for weeks or months against gainful targets.
If there is a reasonable end-user workaround against the vulnerability then I'd argue it's more responsible to publish early and widely than to wait for the vendor.
It becomes greyer if there is no workaround. I'm not sure what I'd support in that case.
Calling what you describe as "Responsible" is intellectually dishonest.
If companies want more responsible disclosure they should introduce harder to find bugs - sneaky edge cases in memory allocation sequences, stuff you'd have to pore over a disassembler for weeks, or slightly weakened PRNGs that would take some serious knowledge of finite fields to discover :-)
Responsible disclosure is more or less earned as your resources go to infinity.
s/that goes viral before reaching \"proper\" channels//
The fact that the problems existed to begin with is more troubling than whether they became known outside the company or not. IMO.
With an open source UNIX-like OS (like the ones Apple sourced from for parts of macOS), both the developers and the users can watch the commits as they happen. Developers and users anywhere can choose to watch the commits and may be able to detect a series of poor quality ones. At least they can make informed decisions on the relative merits of changes from one version to the next. (Edit: They might choose not to compile or install certain components. I do not use X11. Nor do I use systemd.)
The fact that development of macOS is hidden from those outside Apple and that problems are protected from "going viral" does not make the problems any less of an issue for macOS users.
The issue is not how fast and secretively they fix problems, it is how many problems their developers are introducing into the existing version to begin with.
If there are problems routinely being introduced then no amount of fixing after the fact and behind the scenes is going to make the OS higher quality. Only due care taken before introducing changes will guard against further deterioration of quality level.
(Edit: The mention of open source is not intended to be interpreted as an argument that open source inherently results in better software. Perhaps skill and attention to detail are at cause. This is a debate worth avoiding.
The relevance of the mention of open source is intended to suggest that detecting and avoiding problematic software may be easier for some users, e.g. yours truly, if they can access the source code. As opposed to hoping that Acme Hardware and Software Corporation will quickly and secretly fix all software problems that slipped through their QC procedures. Too late for the user who has already paid for the software and updated to the new version. That argument should not be too controversial.)
Also, Linus' Law has some doubters. Things like Heartbleed show that Open Source isn't immune to long-standing, very impactful bugs.
I'd send you to the relevant jwz rants but I'd rather spare everyone the goatse-ing...
Also "Responsible disclosure" means absolute nothing to most people who are not security researchers. They don't know about it, even if there is a bounty and they could make a decent profit, they have no idea what those things are. They notice they can get root access or the focus sends their password to Slack and they'll tweet about it.
They didn't even include it into the big bounty, did they?
It feels like they don't give a shit about non-iOS-devices.
Apple customers dont care about the tech , they care about cool. This is what Steve Jobs and apple as branded themselves on so thats what you get, cool without good tech. And it wont matter becuase that is not the reason people buy Apple.
Tech community doesnt care about Apple, but the engineers will happily take their money to work on their products. If apple falls programming and computing will go on happily and at least we wont have to build over priced products for a bunch of children to take selfie shots that dont care 2 cents that they have a technical marvel in their hands.
There has been work to solve this by registering the session, compositor, and screen locker each with the session manager.
If the screen locker (which now can use any toolkit) crashes, the session manager can try to restart it. If it fails again, it just displays "your unlocker has crashed. To unlock this session, open a tty, login, and type `loginctl session-unlock`"
This solves all the issues, but he (and many others) have been fighting against systemd for a while (which fixes this, and so many other issues, which no competing project ever handled)
DON'T OPEN THAT LINK
For those interested, the sample exploitation that I've discovered was connecting any iPod/iPhone device to a OSX laptop while screen was locked was taking the focus away from login prompt 'into' the system, where iTunes was gaining it and from there it was just few OS level keyboard shortcuts from gaining network access to the system, while still locked: launch finder, go to tools folder, launch terminal, launch `nc` in the terminal to get the access via network. Lots of blind typing but it worked more times than not.
Any proofs? Perhaps you can demand a bounty payout or sue them ignoring!
Also, if you read the rest of the comment, Apple didn't ignore it. They fixed it.
I was used to hammering return a few times to wake the machine up, then typing in the password, then hitting return again.
The few times I hammered return woke the machine, the watch unlocked the mac and the password plus the return key went into the app that had focus which for me also was Slack.
Is it possible that this user had the same thing happen to them? When I disable the watch unlocking, I can't make the password go anywhere but into the login screen (10.13.1 here with last weeks security update applied)
See https://twitter.com/BenoitLetondor/status/939164367962148864
Return is a dangerous key!
My gut instinct says that a some former people at Apple used to do a lot of undocumented QA work and sanity checks, and that as the company has grown and changed, nobody picked up the slack when they left. Now, they'll have to go through a formal process of re-identifying QA steps that need to exist, and hiring against them. It's been a hell of a month for them, though.
- Very good
- Wants to live near Palo Alto
- Is able to live in the US
- Wants to be subjected to Apple's privacy rules
- Wants to work on fixing bugs instead of making new features
In the software engineering game, money only goes so far.
Also, I don't think the privacy restrictions would be so bad. Apple's UIKit engineers occasionally chit-chat with indie devs on Twitter.
The problem is that this job would be absolutely futile. If Apple hired 100 great engineers to fix bugs, management would simply double the amount of features that go into each yearly release.
https://medium.com/@lemiorhan/the-story-behind-anyone-can-lo...
Posting it on Twitter, however, draws attention to Apple's waning security practices and how such glaring holes manage to slip past their peer review. It sparks public outrage, and may serve as a wake-up call to the company.
those are users dogfooding a product they paid for. and probably well off already, so the twitter bragging rigths is more valuable than the loss of anonymity + $500.
Here are the steps to reproduce:
- Start Mac
- Login
- Turn on Screen Lock: System Preferences > Security > General > Check "Require Password" and Select 5 Seconds.
- Turn on Hot Corner Sleep Display: System Preferences > Mission Control > Hot Corners > Select upper left > Put Display to Sleep > Ok
- Attach external monitor
- Activate hot corner by dragging mouse to upper left corner of screen
- Wait 6 seconds
- Click the mouse to trigger waking the screen
- See brief flash of the desktop without logging in!
Overall, there appears to be something funky with this overlay technique and how things are asynchronously rendered.
Reminds me of people being told in chat to hit F10 to enable cheats in Counterstrike Source. Half the gamers would exit immediately.
This is also vaguely similar to the 'test SSL submit' security technique of first entering enough data into login forms to process a submission, and then entering real login info into the 'login failed' retry page after verifying SSL. This has lost some of its luster as non-SSL form submission has fallen out of wide usage.
AuthenticationMethods requiring both wasn't availabe in OpenSSH prior to v6.2 (May 2013)[1] and I'm on Windows anyway so I went with https://www.bitvise.com/ssh-server.
Is this why everyone does 2-step login on websites now?
Maybe Slack or other apps have to call for focus, and MacOS is allowing those calls while it's locked.
While most of the bugs have disappeared with the recent update, there are still some minor ones that really pisses me off: Screen freezing unresponsively for 30-60 seconds before things get back to control; and music playing randomly (happened a few times. Everything calm. Boom, music starts to play).
I'm pretty sure this mess wasn't here before the update to iOS 11.
Edit: Just found there is a new update. Let's see if they are getting their shit together this time.
The sheer amount of bugs in High Sierra is ridiculous, with the exception of the root password bug, I've personally experienced the following bugs with my Thunderbolt display:
* In 10.13 or 10.13.1 the built-in web camera was broken. The video would freeze after a few seconds when attempting to use the camera in FaceTime. This was fixed in 10.13.2.
* In 10.13.2 USB audio devices connected to the TB display no longer work properly. After playing audio through the device (USB DAC in my case) for 30-60 seconds, some sort of interference/electrical noise appears for 5-10 seconds every minute or so. I assume this has something to with "Improves compatibility with certain third-party USB audio devices." from the 10.13.2 release notes.
App Store is not working.
Downloading fix from website tells that my fusion drive is not compatible with this kind of install. Use App Store.
I don't even have a fusion drive.
This is why Windows NT runs the log-on user interface, the screen saver, and the elevation consent UI on separate desktops that have restrictive ACLs disallowing interactive user processes from creating windows there.
I witnessed it. I was not able to reproduce it in 10-15 minutes of testing. She did NOT type in the password. Just banging on the keyboard, playing with the screensaver.
It wasn't Slack-specific as I've only started using Slack recently.
I've seen similar behavior when switching users. The full-screen password entry login comes up, but focus is still on regular apps.
I've also noticed another thing happening more lately - locking the screen, only to have it automatically unlock itself a second or two later. I always have to make sure it actually stays on the screensaver for a few seconds before I trust it will actually lock.
That specific setting was: my keyboard was used to setup his mini, mini was turned off and on later. My keyboard, already properly reconnected to my mac at that time, disconnects on timeout (or for whatever reason it does that few times a day). Mini “grabs” my keyboard when it goes back on air. I wake my sleeping mac via trackpad and try to type my password into focused password field. Non-obviously, no characters appear on my screen.
I usually press control key to wake up every computer (shift doesnt work on some). that one time I woke it up by tapping on the touchpad.
Many of OSX's problems come from trying to shoehorn security on top of operating system concepts that were developed in 1969.
