Provided that the hacker did report all the security bugs to Apple, one could suppose that it would only require a couple of days to fix the bugs, put the site back online, and start performing a full security audit along with a massive code rewrite in parallel.
The only reason I see why they would still be offline is that they instead decided to rewrite some crucial portion of the code from the ground up (which is what the email they sent the other day would suggest). But 1 week in emergency mode for a company like Apple really means rewriting TONS of code...
<offtopic> Anyone know the state of Objective-C on the server? I really like that language now that it has ARC, and I wonder if Apple is still using that technology on the server side </offtopic>
https://developer.apple.com/search/index.php?q=HN
It could almost be the masterpiece of a tumblr blog on top technology companies using crapware for themselves.
And whilst I am sure they are using Project Wonder which wraps up a lot of the old WebObjects code there is still the fact that it is a deprecated technology.
And it's never just write some code and deploy in these situations. It will involve testers signing it off, performance testing, security testing, deployment etc. So all those parts add up. Plus there's no "Steve Jobs will fire you" threat breathing down your neck.
I mean, we all know the sad state of server-side development compared to client-side (x), yet it took a personal project for Google to create Go, it took a legal issue with java for Microsoft to start working on C#, and Apple still got nothing.
(x): not wanting to launch a flame war, but the fact that people at Google created both Go and Dart in the last 5 years does say something, not to mention the countless "Java+" languages like Scala or Groovy. Also, by client-side I mostly mean Objective-C on Xcode, which has really become a joy.
This is terrible timing for me since I came back from travelling on Thursday and haven't been able to get on with working in iOS 7. I really wish Apple were able to provide us with more information on time-scales.
Btw, you can download beta 3 using a certain p2p protocol.
Slightly off topic, but for those unfamiliar with news.com.au, it is a low-quality sensationalist outlet that frequently posts link-bait material.
Some of their stories are shared from their News Corp partners but the rest is celebrity gossip and reddit reposts.
> I have over 100,000+ users details ...
> I do not want my name to be in blacklist
One would think that 73 compromised Apple employee accounts should be enough to make a point. Why would he take another 100k user accounts hostage?
So the guy is a hero. Thanks for disturbing real life businesses for several days, I guess?
> he was making Apple do something about it.
This behavior is endemic for the self-righteous security "researcher" scene. "I found a bug - you must do what I say, NOW, or else ..."
It's not like Apple would have ignored his bug reports if he hadn't scraped 100k developer accounts.
This is not responsible reporting, and he's clearly broken the UK computer misuse laws, since he signed an agreement with Apple governing the use of these systems.
I hope he's arrested soon. This behavior does nothing to help legitimate business or the security community.
- unauthorised access to computer material, punishable by 6 months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5000);
- unauthorised access with intent to commit or facilitate commission of further offences, punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment;
- unauthorised modification of computer material, subject to the same sentences as section 2 offences.
If he had been contracted to pen-test the website by Apple then it would be a different matter.
Always try to do a parallel without computers to see if a computer law passes the retarded test.
In this case: "it's illegal to enter a door left wide open for months, pick up a wallet full of money from a desk visible inside through said open door, and return it to the home owner with all the money and a note about closing the door because it's not a safe neighborhood"
In your example above, why could the person not just point out that the money was not safe? It's no loss to them if the person does not act on the information.
Taking the 73 accounts is arguable in court.
Once you cross the line and scrape another 100K users in order to get their attention and shut the developer site down, you've just boxed yourself in. There is really no defense for doing something like this, regardless of your motives.
Plus, iOS 7 would be on a tight schedule if Apple had actually announced a release date; as it is, iOS 7 is on a schedule, we just don't know what it is.
How is it a disgrace? You're making it sound like Apple meant for this to happen; this could've happened to any company.
Apple should not be portrayed as perfect at everything; they're led by humans who can make mistakes, just like everybody else.
Apple's fixing the problem; it is taking longer than they expected it to. Nothing shameful or unacceptable here, just the nature of technology and mistakes/bugs.
We do not know the full scale of the problem; the media needs to stop acting like it's just 13 bugs reported by a hacker (sorry, if he wants to be a "security researcher", he could've acted like one). It is entirely possible that the 13 bugs were just a small part of the problem and Apple has found more extensive problems that can't be fixed quickly.
iOS 7 can be delayed to make up for the loss of time developers need or the developers will have to delay their apps.
Stuff happens, we just have to rough it out, and move on.
Well if Ibrahim is to be believed, Apple failed to reasonably handle his disclosure of the security flaws. Apple is not entirely at fault, but they surely failed to protect their users' data. Users trusted Apple to prevent this from happening, but they have failed. That is a disgrace.
1. Instapaper was very popular.
2. Gruber links to him a lot, and he writes well. More cynically, he has modeled his writing style after Gruber's, so if you want more of a Daring Fireball fix, you read Marco.
I don't think Marco's opinions really hold anywhere near the weight of John's. Some just have an appreciation for this style of writing.
No it's not.
Not everybody is Edward Snowden...