Chris wrote on Sat, 6 Jul 2024 07:33:51 -0000 (UTC) :

>> You Apple nutcases always claim that I love Google & Microsoft.
>
> You're fantasising again. No-one has said that.

No. You're who is fantasizing. I'm on record many times for telling the
ugly truth about any and all operating systems, from Canonical's Unity
(which I hated) to Microsoft's removal of the start menu, to Google
creating accounts on the phone when you use GMail, to Apple's brazen lies
that they provide safety and security when Apple does nothing of the sort.

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products
because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control
>> Let me tell you something, Chris - which you should already know by now.
>>
>> I tell the truth (with cites) about every consumer operating system, Chris.
>
> You have no concept of the truth or facts.

You are a religious zealot. Your entire belief system is based purely on
Apple advertisements. Apple advertises safety & security. You believe it.

But then....

> And when you get caught out, you snip and run.

Apple advertises safety & security. You believe it.

But then....

Then, when the XCode/CocoPods vulnerability shows up which researchers
found, you claim that Apple is too incompetent to even have *thought* about
testing the iOS/macOS software that billions of Apple users use.

Not only do you claim Apple is too incompetent to even have thought about
testing macOS/iOS apps for safety and security, but you claim that Apple
doesn't have the technical capacity to test for safety & security.

Witness your own post here, Chris, saying exactly that.
<https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

>> Since the flaw is so fantastically pervasive, and since it allows
>> zero-click exploits on only Apple products, don't you think Apple should
>> have cared about testing this since it affects billions of users?
>
> What libraries developers use is their responsibility, not Apple's. It's
> the same with all OSes.
>
> If Apple became even more prescriptive regarding how apps should be
> developed you'd be the first to claim foul play and complain even more
> about the "walled garden".

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products
because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control.

All you're really saying is you believe Apple's lies even as you know that
they are lies (since you believe Apple can't provide safety & security).

Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 07:33:51 -0000 (UTC) :
>
>>> You Apple nutcases always claim that I love Google & Microsoft.
>>
>> You're fantasising again. No-one has said that.
>
> No. You're who is fantasizing.

No. you are.

>>> I tell the truth (with cites) about every consumer operating system, Chris.
>>
>> You have no concept of the truth or facts.
>
> You are a religious zealot.

Nope. I'm an atheist.
> Not only do you claim Apple is too incompetent to even have thought about
> testing macOS/iOS apps for safety and security, but you claim that Apple
> doesn't have the technical capacity to test for safety & security.
>
> Witness your own post here, Chris, saying exactly that.
> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

You must have some form of comprehension disability. Any english speaking
person can understand that what you claim is at odds with what I wrote.

Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :

>> Witness your own post here, Chris, saying exactly that.
>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>
> You must have some form of comprehension disability. Any english speaking
> person can understand that what you claim is at odds with what I wrote.

Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :

>> The fact is that I'm beginning to think you didn't lie, Chris.
>
> Not a fact. You lose.]

Holy shit! You didn't lie!
*You're just incredibly confident in your complete ignorance!*
<https://i.sstatic.net/NJkCp.png>

I've always said that there are always one of two reasons why you Apple
religious fundamentalist zealots are so confident about being wrong.
<https://i.sstatic.net/wgoc9.jpg>

1. You either brazenly lie, or,
2. You really believe Apple fully supports more than 1 release at a time.
<https://i.sstatic.net/XgbX3.jpg>

Since Chris and you can't answer this simple question, even now...
Q: Does Apple publicly state they fully support only one release at a time?
A: Yes or no.

I'm beginning to realize fundamentalist zealots didn't lie after all.
*You actually _believe_ Apple simultaneously fully supports >1 release!*
<https://i.sstatic.net/QbnWs.png>

In other words, you're all to the left of Mount Stupid on the
Dunning-Kruger scale, which is people who know absolutely nothing but who
feel they know everything - which is all your strange religious zealots.]
<https://i.sstatic.net/wAbpc.jpg>

On 2024-07-07, Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :
>
>>> Witness your own post here, Chris, saying exactly that.
>>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>>
>> You must have some form of comprehension disability. Any english speaking
>> person can understand that what you claim is at odds with what I wrote.
>
> Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :
>
>>> The fact is that I'm beginning to think you didn't lie, Chris.
>>
>> Not a fact. You lose.]
>
> Holy shit! You didn't lie!

Indeed. Here are FACTS you want us to ignore:

Open source vulnerabilities remain unpatched for decades
<https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source
vulnerabilities remain unpatched for 10 years and longer, often because
organisations have no idea what open source code they are using.
..
..
..
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the
capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.
---

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :

> Indeed. Here are FACTS you want us to ignore:
>
> Open source vulnerabilities remain unpatched for decades
> <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
> ---
> A new report reveals an enormous number of identified open source
> vulnerabilities remain unpatched for 10 years and longer, often because
> organisations have no idea what open source code they are using.
> .
> .
> .
> With software developers routinely taking code from open source
> repositories to embed in their company's products to speed up the
> development process, saving time and money, manually tracking
> components, their versions and their vulnerabilities is way beyond the
> capabilities of most organisations.
>
> The report recommends all organisations invest in an automated solution
> for identifying and patching known vulnerabilities. "You can't patch
> software if you don't know you are using it," the authors point out.

The only facts we need to know are two undeniably salient facts, JR.

1. Apple touts that their ecosystem provides safety & security.
2. Yet Apple apparently has never even tested whether that claim is true.

In fact, it's obvious that Apple didn't even know how vulnerable their
ecosystem was for millions of mac/iOS apps for an entire decade, JR!

With that in mind, your excuse is that Apple is incompetent at testing?

HINT: If security researchers can find this flaw, why then can't Apple?

Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :
>
>>> Witness your own post here, Chris, saying exactly that.
>>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>>
>> You must have some form of comprehension disability. Any english speaking
>> person can understand that what you claim is at odds with what I wrote.
>
> Jolly Roger

Again, a failure of comprehension. I'm not JR.

On 2024-07-06 23:36, Andrew wrote:
> Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :
>
>> Indeed. Here are FACTS you want us to ignore:
>>
>> Open source vulnerabilities remain unpatched for decades
>> <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
>> ---
>> A new report reveals an enormous number of identified open source
>> vulnerabilities remain unpatched for 10 years and longer, often because
>> organisations have no idea what open source code they are using.
>> .
>> .
>> .
>> With software developers routinely taking code from open source
>> repositories to embed in their company's products to speed up the
>> development process, saving time and money, manually tracking
>> components, their versions and their vulnerabilities is way beyond the
>> capabilities of most organisations.
>>
>> The report recommends all organisations invest in an automated solution
>> for identifying and patching known vulnerabilities. "You can't patch
>> software if you don't know you are using it," the authors point out.
>
> The only facts we need to know are two undeniably salient facts, JR.
>
> 1. Apple touts that their ecosystem provides safety & security.

And it does.

> 2. Yet Apple apparently has never even tested whether that claim is true.

This is the comment of a liar or an ignoramus...

....or, most likely, both.

badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :

> This situation reminds me of the Ford Explorer rollover debacle. Ford
> blamed Firestone and Firestone blamed Ford. In reality they both had a
> major part in the whole thing. Firestone tires were separating at the tread
> and Ford Explorers had weak suspensions and high center of gravity. Both of
> those caused the exceedingly high number of rollovers and deaths.

Whom did the customer purchase the vehicle from, Ford or Firestone?
The answer is Ford. So this is purely a Ford ecosystem problem.

To wit, this huge security hole is purely an Apple ecosystem problem.
https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection

What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
modify any of three million iOS/macOS apps at will - whenever they want?

For ten years!

> Take your pick as to whom to blame, but it shows neither company performed
> adequate testing together or merely ignored warning signs.

If Apple did NOT tout that their ecosystem provided safety and security, we
could let Apple off the hook for never bothering to test that claim.

As it is, it's clear that the one thing the primitive Apple ecosystem does
NOT provide, is safety & security.

I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could
inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.

On 2024-07-07 20:12, Andrew wrote:
> badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :
>
>> This situation reminds me of the Ford Explorer rollover debacle. Ford
>> blamed Firestone and Firestone blamed Ford. In reality they both had a
>> major part in the whole thing. Firestone tires were separating at the tread
>> and Ford Explorers had weak suspensions and high center of gravity. Both of
>> those caused the exceedingly high number of rollovers and deaths.
>
> Whom did the customer purchase the vehicle from, Ford or Firestone?
> The answer is Ford. So this is purely a Ford ecosystem problem.

You get that cars (physical products) aren't the same as software...

....and that your analogy is fatally flawed as this is a tool used to
build an accessory to the product that Apple sells...

....right?

>
> To wit, this huge security hole is purely an Apple ecosystem problem.
> https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
>
> What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
> modify any of three million iOS/macOS apps at will - whenever they want?
>
> For ten years!
>
>> Take your pick as to whom to blame, but it shows neither company performed
>> adequate testing together or merely ignored warning signs.
>
> If Apple did NOT tout that their ecosystem provided safety and security, we
> could let Apple off the hook for never bothering to test that claim.
>
> As it is, it's clear that the one thing the primitive Apple ecosystem does
> NOT provide, is safety & security.
>
> I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could
> inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.
I wonder if you realize how many unsupported assumptions you've made in
that sentence.