Chris wrote on Sat, 6 Jul 2024 07:33:51 -0000 (UTC) :

>> You Apple nutcases always claim that I love Google & Microsoft.
>
> You're fantasising again. No-one has said that.

No. You're who is fantasizing. I'm on record many times for telling the
ugly truth about any and all operating systems, from Canonical's Unity
(which I hated) to Microsoft's removal of the start menu, to Google
creating accounts on the phone when you use GMail, to Apple's brazen lies
that they provide safety and security when Apple does nothing of the sort.

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products
because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control
>> Let me tell you something, Chris - which you should already know by now.
>>
>> I tell the truth (with cites) about every consumer operating system, Chris.
>
> You have no concept of the truth or facts.

You are a religious zealot. Your entire belief system is based purely on
Apple advertisements. Apple advertises safety & security. You believe it.

But then....

> And when you get caught out, you snip and run.

Apple advertises safety & security. You believe it.

But then....

Then, when the XCode/CocoPods vulnerability shows up which researchers
found, you claim that Apple is too incompetent to even have *thought* about
testing the iOS/macOS software that billions of Apple users use.

Not only do you claim Apple is too incompetent to even have thought about
testing macOS/iOS apps for safety and security, but you claim that Apple
doesn't have the technical capacity to test for safety & security.

Witness your own post here, Chris, saying exactly that.
<https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

>> Since the flaw is so fantastically pervasive, and since it allows
>> zero-click exploits on only Apple products, don't you think Apple should
>> have cared about testing this since it affects billions of users?
>
> What libraries developers use is their responsibility, not Apple's. It's
> the same with all OSes.
>
> If Apple became even more prescriptive regarding how apps should be
> developed you'd be the first to claim foul play and complain even more
> about the "walled garden".

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products
because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control.

All you're really saying is you believe Apple's lies even as you know that
they are lies (since you believe Apple can't provide safety & security).

On 2024-07-06 07:07, Andrew wrote:
> Chris wrote on Sat, 6 Jul 2024 07:39:51 -0000 (UTC) :
>
>> See?
>
> What I see is Apple touts safety & security that doesn't exist.
>
>> You don't even understand the vulnerability.
>
> What you're saying, Chris, is that Apple lied because you're saying that
> Apple has no control over the safety and security of the apps people use.

Nope. That is not what he is saying at all.

>
>> Yet you're happy to freely blame Apple.
>
> Answer this question without resorting to lies, please, Chris:
> Q: Does Apple tout the safety & security of iOS and macOS or not?
> A: Yes or No

Yes. How is that relevant?

>
>> Apple haven't used anything here.
>
> Xcode is Apple software, Chris.

Yup. And this vulnerability isn't in Xcode.

>
>> It is third party developers who used a
>> utility that made life easier for them to support *their* apps.
>
> They used Apple's recommended methods of development, Chris.

Apple doesn't recommend CocoaPods.

>
>> These apps then are deployed into the Apple ecosystem.
>
> Answer this simple yet logically sensible question please:
> Q: Did vulnerability researchers find this pervasive flaw, or not?
> A: Yes or No
>

Yes. What of it?

>> Apple haven't used it, cannot check and have no responsibility for what
>> tools developers use in creating their apps.
>
> Simply answer this sensibly logical question then, please, Chris:
> Q: If researchers could find this flaw, could Apple have found it?
> A: Yes or No

Yes. What of it?

>
>>> It perpetuated itself deeper and has caused
>>> security problems now. That�s on Apple.
>>
>> That's like blaming Ford for a flaw in Continental tyres.
>
> Apple advertises safety & security.

>
> Zealots are claiming that safety & security is impossible on Apple products
> because of the way millions of those Apple products are developed using
> Apple software (Xcode).

Ummmmmm... that is a flat-out lie.

Which from you is utterly unsurprising.

On 2024-07-05 13:02, badgolferman wrote:
> Alan <nuh-uh@nope.com> wrote:
>> On 2024-07-05 11:43, badgolferman wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>>> Andrew <andrew@spam.net> wrote:
>>>>
>>>> [snip typical nonsense]
>>>>
>>>>>
>>>>> Personally I think they are so invested in the perfection of Apple that
>>>>> they cannot bear the thought of there being flaws in its products. If
>>>>> someone exposes such flaws, it invalidates everything they stand for.
>>>>
>>>> The other side of the coin is that some people are so eager to find flaws
>>>> in Apple they forget to check basic facts. Like is this even anything
>>>> within Apple's control? Hint: nope.
>>>>
>>>>
>>>
>>> If Apple software is dependent upon someone else’s software, it’s Apple’s
>>> responsibility to ensure that software is safe. After all, it’s Apple who
>>> tells us they are focused on safety and security.
>>>
>>
>> Which you'll argue while at the same time arguing that Apple is wrong to
>> do what it can to increase safety and security by using an app store.
>>
>
> I have no problem with the App Store. But I do think the option to use
> other stores should exist, with all warnings and check marks required for
> you to advance. Apple shouldn’t be responsible for software they have not
> vetted and if the customer still wants it then they are culpable if
> something goes wrong.
>
> But this is a different situation. Apple used someone else’s software and
> didn’t correctly vet that. It perpetuated itself deeper and has caused
> security problems now. That’s on Apple.
>

Apple didn't "use someone else's software".

Third parties used a tool to build their apps.

Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 07:33:51 -0000 (UTC) :
>
>>> You Apple nutcases always claim that I love Google & Microsoft.
>>
>> You're fantasising again. No-one has said that.
>
> No. You're who is fantasizing.

No. you are.

>>> I tell the truth (with cites) about every consumer operating system, Chris.
>>
>> You have no concept of the truth or facts.
>
> You are a religious zealot.

Nope. I'm an atheist.
> Not only do you claim Apple is too incompetent to even have thought about
> testing macOS/iOS apps for safety and security, but you claim that Apple
> doesn't have the technical capacity to test for safety & security.
>
> Witness your own post here, Chris, saying exactly that.
> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

You must have some form of comprehension disability. Any english speaking
person can understand that what you claim is at odds with what I wrote.

Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :

>> Witness your own post here, Chris, saying exactly that.
>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>
> You must have some form of comprehension disability. Any english speaking
> person can understand that what you claim is at odds with what I wrote.

Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :

>> The fact is that I'm beginning to think you didn't lie, Chris.
>
> Not a fact. You lose.]

Holy shit! You didn't lie!
*You're just incredibly confident in your complete ignorance!*
<https://i.sstatic.net/NJkCp.png>

I've always said that there are always one of two reasons why you Apple
religious fundamentalist zealots are so confident about being wrong.
<https://i.sstatic.net/wgoc9.jpg>

1. You either brazenly lie, or,
2. You really believe Apple fully supports more than 1 release at a time.
<https://i.sstatic.net/XgbX3.jpg>

Since Chris and you can't answer this simple question, even now...
Q: Does Apple publicly state they fully support only one release at a time?
A: Yes or no.

I'm beginning to realize fundamentalist zealots didn't lie after all.
*You actually _believe_ Apple simultaneously fully supports >1 release!*
<https://i.sstatic.net/QbnWs.png>

In other words, you're all to the left of Mount Stupid on the
Dunning-Kruger scale, which is people who know absolutely nothing but who
feel they know everything - which is all your strange religious zealots.]
<https://i.sstatic.net/wAbpc.jpg>

On 2024-07-07, Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :
>
>>> Witness your own post here, Chris, saying exactly that.
>>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>>
>> You must have some form of comprehension disability. Any english speaking
>> person can understand that what you claim is at odds with what I wrote.
>
> Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :
>
>>> The fact is that I'm beginning to think you didn't lie, Chris.
>>
>> Not a fact. You lose.]
>
> Holy shit! You didn't lie!

Indeed. Here are FACTS you want us to ignore:

Open source vulnerabilities remain unpatched for decades
<https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source
vulnerabilities remain unpatched for 10 years and longer, often because
organisations have no idea what open source code they are using.
..
..
..
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the
capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.
---

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :

> Indeed. Here are FACTS you want us to ignore:
>
> Open source vulnerabilities remain unpatched for decades
> <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
> ---
> A new report reveals an enormous number of identified open source
> vulnerabilities remain unpatched for 10 years and longer, often because
> organisations have no idea what open source code they are using.
> .
> .
> .
> With software developers routinely taking code from open source
> repositories to embed in their company's products to speed up the
> development process, saving time and money, manually tracking
> components, their versions and their vulnerabilities is way beyond the
> capabilities of most organisations.
>
> The report recommends all organisations invest in an automated solution
> for identifying and patching known vulnerabilities. "You can't patch
> software if you don't know you are using it," the authors point out.

The only facts we need to know are two undeniably salient facts, JR.

1. Apple touts that their ecosystem provides safety & security.
2. Yet Apple apparently has never even tested whether that claim is true.

In fact, it's obvious that Apple didn't even know how vulnerable their
ecosystem was for millions of mac/iOS apps for an entire decade, JR!

With that in mind, your excuse is that Apple is incompetent at testing?

HINT: If security researchers can find this flaw, why then can't Apple?

Andrew <andrew@spam.net> wrote:
> Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :
>
>>> Witness your own post here, Chris, saying exactly that.
>>> <https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>
>>
>> You must have some form of comprehension disability. Any english speaking
>> person can understand that what you claim is at odds with what I wrote.
>
> Jolly Roger

Again, a failure of comprehension. I'm not JR.

On 2024-07-06 23:36, Andrew wrote:
> Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :
>
>> Indeed. Here are FACTS you want us to ignore:
>>
>> Open source vulnerabilities remain unpatched for decades
>> <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
>> ---
>> A new report reveals an enormous number of identified open source
>> vulnerabilities remain unpatched for 10 years and longer, often because
>> organisations have no idea what open source code they are using.
>> .
>> .
>> .
>> With software developers routinely taking code from open source
>> repositories to embed in their company's products to speed up the
>> development process, saving time and money, manually tracking
>> components, their versions and their vulnerabilities is way beyond the
>> capabilities of most organisations.
>>
>> The report recommends all organisations invest in an automated solution
>> for identifying and patching known vulnerabilities. "You can't patch
>> software if you don't know you are using it," the authors point out.
>
> The only facts we need to know are two undeniably salient facts, JR.
>
> 1. Apple touts that their ecosystem provides safety & security.

And it does.

> 2. Yet Apple apparently has never even tested whether that claim is true.

This is the comment of a liar or an ignoramus...

....or, most likely, both.

badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :

> This situation reminds me of the Ford Explorer rollover debacle. Ford
> blamed Firestone and Firestone blamed Ford. In reality they both had a
> major part in the whole thing. Firestone tires were separating at the tread
> and Ford Explorers had weak suspensions and high center of gravity. Both of
> those caused the exceedingly high number of rollovers and deaths.

Whom did the customer purchase the vehicle from, Ford or Firestone?
The answer is Ford. So this is purely a Ford ecosystem problem.

To wit, this huge security hole is purely an Apple ecosystem problem.
https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection

What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
modify any of three million iOS/macOS apps at will - whenever they want?

For ten years!

> Take your pick as to whom to blame, but it shows neither company performed
> adequate testing together or merely ignored warning signs.

If Apple did NOT tout that their ecosystem provided safety and security, we
could let Apple off the hook for never bothering to test that claim.

As it is, it's clear that the one thing the primitive Apple ecosystem does
NOT provide, is safety & security.

I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could
inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.

Given how primitive the Apple ecosystem has recently been shown to be...

Let me see if I understand why you rather ignorant religious
fundamentalists Apple nutjobs completely excuse Apple for this shockingly
huge security hole, Jolly Roger, which has existed for a very long time,
even as Apple only touts safety and security - Apple never tests for it.

To wit...
1. You likely understand that this hole has existed for a decade.
2. You perhaps realize Apple did not find it - security researchers did.
3. You even maybe realize that three million apps are said to be exposed.
4. You may realize one of the three CVE's allows complete & full control.
5. You may realize that essentially every single Apple owner is exposed.
6. You may even understand that's billions of exposed Apple devices.
7. And you may be aware that estimates are that it's three million apps.
8. Every single one of which is installed ONLY on Apple devices alone.
9. Meaning it's purely the Apple ecosystem which allowed this to happen.

Given all those facts above, you then excuse Apple as you say that Apple
should tout this imaginary safety and security that, you say, Apple doesn't
even bother to test for (which they could have done, since others did it)?

You're fine with this primitive ecosystem being touted as safe & secure,
when it's not (and worse, you say Apple shouldn't even care to test it)?

Really?

On 2024-07-07 20:12, Andrew wrote:
> badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :
>
>> This situation reminds me of the Ford Explorer rollover debacle. Ford
>> blamed Firestone and Firestone blamed Ford. In reality they both had a
>> major part in the whole thing. Firestone tires were separating at the tread
>> and Ford Explorers had weak suspensions and high center of gravity. Both of
>> those caused the exceedingly high number of rollovers and deaths.
>
> Whom did the customer purchase the vehicle from, Ford or Firestone?
> The answer is Ford. So this is purely a Ford ecosystem problem.

You get that cars (physical products) aren't the same as software...

....and that your analogy is fatally flawed as this is a tool used to
build an accessory to the product that Apple sells...

....right?

>
> To wit, this huge security hole is purely an Apple ecosystem problem.
> https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection
>
> What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
> modify any of three million iOS/macOS apps at will - whenever they want?
>
> For ten years!
>
>> Take your pick as to whom to blame, but it shows neither company performed
>> adequate testing together or merely ignored warning signs.
>
> If Apple did NOT tout that their ecosystem provided safety and security, we
> could let Apple off the hook for never bothering to test that claim.
>
> As it is, it's clear that the one thing the primitive Apple ecosystem does
> NOT provide, is safety & security.
>
> I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could
> inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.
I wonder if you realize how many unsupported assumptions you've made in
that sentence.

Jolly Roger wrote on 8 Jul 2024 15:09:36 GMT :

> No, it's definitively not purely an Apple ecosystem problem

It's no longer shocking you are completely unaware that cocoa pods isn't
used in Windows or Linux, Jolly Roger, and the fact you claim it is shows
how blissfully ignorant you strange Apple religious nutcase zealots are.

On 2024-07-08 13:49, Andrew wrote:
> Jolly Roger wrote on 8 Jul 2024 15:09:36 GMT :
>
>> No, it's definitively not purely an Apple ecosystem problem
>
> It's no longer shocking you are completely unaware that cocoa pods isn't
> used in Windows or Linux, Jolly Roger, and the fact you claim it is shows
> how blissfully ignorant you strange Apple religious nutcase zealots are.

You think that Windows and Linux development tools are so primitive that
there are no dependency managers?

How cute!