
For users fearing their passwords and bank account details were about to be put in the hands of crooks, that wait felt like an eternity. [citation needed]
Apple has released OS X 10.9.2 which, you'll be delighted to know, improves the "accuracy" of the unread message count in Mail, and fixes the autofill feature in Safari among other little tweaks. It also just so happens to snap shut a gaping security vulnerability that potentially allowed hackers to hijack users' bank accounts …
Or an argument for disabling copypasta in code editors ;)
I've always tended to use braces even when not strictly needed; not for this reason per se, I suspect it was because I once used an editor that didn't auto-indent unless I'd opened a brace first or something. It just stuck. Oh, and of course if your indents get fucked up somehow, if everything's braced it's easier to spot a brace mismatch (provided your editor does brace-pair highlighting).
Mostly though, I just like the pleasing "flight of geese" that comes at the end of a really deeply-nested set of loops ;)
I shall go "hoooonk! hooooonk" at the next one I set free :-)
But some bright soul suggested that it's less likely to have been copypasta than somebody not vetting an automatic three-way merge. Perforce used to get it mostly right, tempting me to just submit, go home, and see if the test results looked good in the morning - but once-in-a-while it would get confused by adjacent changes in the mergees and end up with a partial duplicate like this.
I'm more worried that "unreachable code" is routinely disabled - it's a PITA to have to "#ifdef _DEBUG" or "(void) someParamThatOnlyGotUsedForLogging;" but there aren't many warnings that don't save your butt someday like this.
I know that Subversion and Git seem to think that code merging is the be all and end all of version control systems and even discourage file locking on check out for editing, in the naive belief that all workers talk to each other and sit at adjacent desks, so it is right and proper for two people to work on the same file simultaneously (makes me think too much work by different authors is in a single file).
But really, I recall that systems that provided code merging (that I did try a couple of times) used to come with the caveat that automatic code merging is a bad idea, at least for merging versions from two different people - all these wonderful methodologies and tools for designing and writing code buggered by the most basic fallacies: that working in parallel on the same file and automated merging are good ideas.
I've seen it tried with Perforce and Subversion (only once by me, what a waste of time) and seen it cause near disaster every time. Anything beyond the most trivial and carefully read and reread by another engineer is just horrible.
Just use discipline, reinforced by file locking and a proper code review system. Same goes for documentation by the way.
In this case, the indentation would have made it easy to miss in a quick and nasty review and makes one of the few, good cases for curly brackets everywhere possible, then use vi (1) or similar to check the matching pairs.
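The pattern the comments above argue about, as an added illustration (constructed here; not code from the article, from Apple, or from any commenter): a line duplicated after an unbraced `if` becomes an unconditional jump that skips the remaining check, while the same duplicate inside braces is harmless. The names `hash_update`, `verify_sig`, `check_unbraced` and `check_braced` are hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for the steps of a signature check.
   Hypothetical names; a return value of 0 means "step passed". */
static int hash_update(int ok) { return ok ? 0 : -1; }
static int verify_sig(int ok)  { return ok ? 0 : -1; }

/* Unbraced style with a duplicated line, as a bad merge might leave it.
   The second "goto fail" is indented like the first but is unconditional. */
int check_unbraced(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0)
        goto fail;
        goto fail;                        /* always taken, with err == 0 */
    if ((err = verify_sig(sig_ok)) != 0)  /* unreachable: never evaluated */
        goto fail;

fail:
    return err;                           /* 0 is read as "verified" */
}

/* Same duplicate with every branch braced: a line duplicated next to
   the original lands inside the block, so it is dead but harmless. */
int check_braced(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0) {
        goto fail;
        goto fail;
    }
    if ((err = verify_sig(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Constructed input: hashing succeeds, the signature is bad. */
    printf("unbraced, bad signature: %d\n", check_unbraced(1, 0));
    printf("braced,   bad signature: %d\n", check_braced(1, 0));
    return 0;
}
```

Clang reports the dead `verify_sig` call only when `-Wunreachable-code` is passed, since `-Wall` does not enable it; GCC's `-Wmisleading-indentation` (part of `-Wall` since GCC 6) flags the duplicated line instead.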
I don't see what the big deal was.....I just used another browser until it got fixed. They said the update was near and figured it would be this week. Whoopee!!
If they would have rushed out a fix and screwed something up then everyone would have been complaining about that! It was put in a current about to be released update and tested and released! That simple!
I don't see what the big deal was.....I just used another browser until it got fixed.
And that other browser on iPads & iPhones would be?
If they would have rushed out a fix and screwed something up then everyone would have been complaining about that!
Guess Apple needed enough time to make sure the fix compiled, maybe even get around to writing their first unit tests for their freaking Security Library.
Indeed the reporting of this issue was so poor
1. You would need to do a man in the middle attack first so this discounts all but public locations in reality.
2. It was only an issue for numeric addresses, not FQDNs, so how was this going to affect Joe Public, as the last time I logged into my banking it never used an IP address.
3. It was only just reported Friday and was fixed Tuesday - not sure how that is such a long time.
"Indeed the reporting of this issue was so poor"
Your understanding is wrong, I'm afraid.
1. Any router between you and your website can take advantage.
2. No, that was a curl bug unrelated to the grave SSL cert issue; all network connections boil down to IP addresses anyway.
3. It was reported on Friday after Apple dropped a 0-day on everyone with no fix available and with no fix delivery date.
Keep it coming. I'm loving it.
C.
3. It was only just reported Friday and was fixed Tuesday - not sure how that is such a long time.
They fixed it on Friday for iOS, but didn't roll out the OSX fix 'till Tuesday. That's really long given that the fix is in a library, you should be able to simply recompile the affected apps with the new library and release that. Good thing I still am on Mountain Lion...
Has anyone come forward that was affected? Like hackers are hiding under my bed or getting access to my home network via WiFi. This is just more anti-Apple banter. How fast are flaws discovered in Android fixed, even in the most recent version? I have been using a Mac since the 1980's and have never had a virus, been hacked or lost data and I have never spent a single cent on anti-virus software.
Well there is the fact that internal documents of the NSA reveal they found a way to get any information they wanted from iPhones about a month after this bug was introduced. If the NSA had been monitoring changes in the published code (which would be the logical thing to do for them, considering this is a security library for a large target), it is quite likely they found the bug right away and have used it ever since.
Of course, "if you have nothing to hide, you have nothing to fear"... Right?
@GaryDMN - "I have been using a Mac since the 1980's and have never had a virus, been hacked or lost data and I have never spent a single cent on anti-virus software."
==============================
I was wondering how long it would take a fanboy to post the obligatory "I've never been hacked or whacked in 30+ years and don't believe in security measures on a Mac" post.
No - you weren't (that you know of) - but millions of Apple users have been, and some of the consequences have been pretty disastrous. And that number probably went up substantially over the weekend. Keep drinking your own Kool-Aid though, and telling all your friends and family that "they don't need to worry about security on a Mac". Hope it works out for you.
I have been using a Mac since the 1980's and have never had a virus, been hacked or lost data and I have never spent a single cent on anti-virus software.
Had you said "early 2000's" it would have been believable. I was a Mac user during the early Mac+ days, up until sometime around 1998. I came back to Mac sometime around 2012 as most of my work is now based on UNIX and Linux, thus no real need for Windows (and gah! Win8! yuk!). But there's no way you're going to hear me say Mac has never had a virus. Frickin' Symantec Antivirus was born on the Macintosh ecosystem. And yes, we did get hit by a couple of virii, in fact we got to lose a couple of HDDs thanks to them. MacOS Classic had quite a bunch of virii roaming about, it was OSX that started the virus-free claim.
I will agree that it is at least more secure than Windows, but most UNIX/POSIX based OS can claim that feat.
I just managed to get Cisco AnyConnect Mobility Client working after my company closed off the previous VPN server (which worked perfectly).
I installed Apple's update this morning, and lo and behold AnyConnect doesn't work any more. First I got a message saying it couldn't reach the connection server, now I get a message saying it's timed out.
Dammit to hell and back. From home to office is a 3 hour round trip, seriously f*cks me off when one thing is 'fixed' and the fix takes something else vital out at the same time. Especially when the 'fix' promises to resolve VPN connection issues.
*UPDATE* Fixed it. If anybody is facing the same problems with AnyConnect Mobility Client (Corporate Intranet pages display with no CSS, JavaScript won't load etc over VPN, yet load fine when connected directly to the Intranet i.e. in the office), this fix worked for me. I suspect the VPN firewall was blocking some 3rd party sites, and adding them to the Search Domains list forced the firewall to allow them.
Check the page source in Safari of a page that won't load. You'll see any resources that won't load correctly highlighted in red at the bottom of the source viewer.
Add these domains to the 'Search Domains' configuration pane for your VPN connection (Connections > Properties > Search Domains, then click '+'). So if the resource w3.css.subd.com/css/main.css won't load, add subd.com to the Search Domains list.
If your VPN won't connect at all (timeout or connection manager not found error), add the Connection Manager domain directly to the Search Domains box as well. So a connection manager address of wecm.us.cisco.com means you should add cisco.com to the search domains box.
Not sure if this last is a hack (certainly feels like it) but it works for now.
as it still has iOS6 on it, and it will be sold with it on (at a premium I suspect) when the 6 comes out and I get one. (If I don't get a Galaxy 5 that is. Or a Huawei ?!?). I have been steadfastly ignoring the iOS7 "update" since it first appeared as I have no intention of converting my perfectly serviceable phone into a laggy, power-hungry partially non-functioning brick, thank you very much.
IMO the 4 & 4S should NEVER have been pushed iOS7. It's been written off elsewhere as a cynical ploy to get otherwise happy Apple owners to fork out for new hardware when it really wasn't needed.
I'm running iOS7 on my 4S with no problems; it's smoother than 6 ever was, and the battery life may actually have improved. I certainly didn't notice it falling off a cliff anyway. My girlfriend is running iOS7 on her iPhone 4 and it struggles somewhat there, although no more than the final versions of 6 did.
If you look past the colour scheme (I like it, but opinions may vary) then iOS7 is a significant upgrade on a 4S.
Oh, and it's unlikely you'll get a premium for having 6 on it; those who care enough about such things will generally be able to downgrade it themselves using Firmware Recovery mode.
My reply was to the OP (Lallathingy), that might not have been apparent as we cross-posted.
The gist -- with the caveat that I have no idea whether s/he's correct in his/her assertions -- is that if this vuln is present on iOS 6 (as s/he seems to think is the case), then s/he is apparently content to trade security for a more likeable UX, both for him-/herself (until the iPhone 6 comes out) and for whatever poor soul then buys the by then maggot-ridden thing off him/her.
Gad, I hate explaining my trolls.
I finally updated my iPhone4 from iOS6.1.3 to 7.0.6 on Monday, for the same reason that Apple are nannyingly disallowing installation of 6.1.6 on them.
And it turns out it's faster than it was with 6 on, smoother, and less crashy. I know, surprised the hell out of me, I thought I was going to be spending the next day messing around with reinstalling 6 against Apple's wishes.
It's no panacea, it still has pauses on app switch/startup, but it's no slower and the transitions are less offensive than they were in 6 because 7 does more papering-over-the-cracks stuff with pictures of the last app screen and restarting apps in exactly the same place you left them.
So, all good - for me, anyway. Except Podcasts, which is a bit less crunchy than it was in 6 but buggily doesn't think I've finished any episodes. I've replaced with PocketCasts which is a lot smoother.