561
dfox
7y

As a long-time iPhone user, I am really sorry to say it but I think Apple has completed their transition to being a company that is incompetent when it comes to software development and software development processes.

I’ve grown tired of hearing some developers tell me about Apple’s scale and how software development is hard and how bugs should be expected. All of those are true, but like most rules of law, incompetence and gross negligence trumps all of that.

I’m writing this because of the telugu “bug”/massive, massive security issue in iOS 11.2.5. I personally think it’s one of the worst security issues in the history of modern devices/software in terms of its ease of exploitation, vast reach, and devastating impact if used strategically. But, as a software developer, I would have been able to see past all of that, but Apple has shown their true incompetence on this issue and this isn’t about a bug.

It’s about a company that has a catastrophic bug in their desktop and mobile platforms and haven’t been able to, or cared to, patch it in the 3 or so days it’s been known about. It’s about a company, who as of a view days ago, hasn’t followed the basic software development process of removing an update (11.2.5) that was found to be flawed and broken. Bugs happen, but that kind of incompetence is cultural and isn’t a mistake and it certainly isn’t something that people should try to justify.

This has also shown Apple’s gross incompetence in terms of software QA. This isn’t the first time a non-standard character has crashed iOS. Why would a competent software company implement a step in their QA, after the previous incident(s), to specifically test for issues like this? While Android has its issues too and I know some here don’t like Google, no one can deny that Google at least has a solid and far superior QA process compared to Apple.

Why am I writing this? Because I’m fed up. Apple has completely lost its way. devRant was inaccessible to iOS users a couple of times because of this bug and I know many, many other apps and websites that feature user-generated content experienced the same thing. It’s catastrophic. Many times we get sidetracked and really into security issues, like meltdown/spectre that are exponentially harder to take advantage of than this one. This issue can be exploited by a 3 year old. I bet no one can produce a case where a security issue was this exploitable yet this ignored on a whole.

Alas, here we are, days later, and the incompetent leadership at Apple has still not patched one of the worst security bugs the world has ever seen.

Comments
  • 85
    Good rant, sir
  • 106
    @dontPanic thanks. I’m pissed.
  • 45
    @dfox you should be. This whole situation sucks, man
  • 106
    This. A company with a huge amount of resources can't get a patch ready for a critical vulnerability like this in a few days?

    Haven't looked at Google much regarding this but I'm a Linux user (no shit) and I've seen news articles about a critical vulnerabilities appear and sometimes even within the hour (mostly only a few hours), there's an update available for that vulnerability.

    Next to this, removing the headphone jackplug and now even the fucking touchid button?! I know many iPhone users and I, since those features got removed, noticed that at least half those people moved to Android phones now. Hell, even my sister moved to Android because "i want a fucking normal jack plug input, fuck it, I'll get used to the Android system".

    Good rant, my dear sir.
  • 14
    Actually, they fixed it in the beta update, but yeah, beta update! I think ir’s because they fear the scenario of what happened with the root thing when they tried to fix a bug quickly. I personally prefer Android over iOs, but what I like about Apple is their hardware and their functionalities (Face ID, touchbar, etc.). My hope is that someone finds a way to hack iOs to put like an *Itengrated semi android emulator* that would act as an Android layer over iOs. So like a virtual machine, but with less boundaries and that auto-starts after unlocking.
  • 7
    iOs is unusable without beta updates
  • 10
    My question: Why isn’t the update already officially released, but for now, I’m okay
  • 43
    @LastDigitOfPi don’t worry - Apple is trying their best to kill the MacBook too. “Pro” machine with the sd card reader removed, HDMI removed, MagSafe removed, and a useless fucking touchbar that almost every Apple user, fanboys included, despises. I love my MacBook, but man, they are making it hard to continue to support these things.

    @linuxxx thanks and I’m glad to hear you know people switching. I do to. I hope that will continue to happen.

    @AlexDeLarge I think you bring up a good point. Maybe they aren’t even incompetent. Maybe they literally just don’t care. “Hey, so if our users can’t get on their favorite apps for a few hours/days/weeks, what are they going to do about it?” I can see them using that logic.

    @-vim- the beta is unfortunately completely irrelevant. Tens of millions of users like myself don’t use the beta because it’s a beta. Also, Apple’s betas (much like their released software) are notorious for being buggy and having tons of issues (because they are generally rushed). Fixing a catastrophic security issue in the beta but not the public release is absolutely unacceptable. It almost makes it worse because it shows they knew about it to come degree and they are sitting on some kind of fix.
  • 41
    1. We REALLY need to have a single standard for app development. One non profit industry organization which defines how the hardware should be accessible for devs, how the APIs are defined. There are already native apps and cross platform frameworks... but crossplatform needs to be open, standardized and optimized.

    2. We need to have hardware separated from software. You buy a phone because you like the features, build quality and specs. It might come pre-installed with software. You throw in an SD card or whatever, choose to boot from storage, and the Android/iOS/Windows/Linux installer of your choice pops up.

    Diversification of phone operating systems built on compatible standards means you have true choice, and true competition.

    People ask me in which camp I am — Apple's locked mystery iOS, or Google's bloated AdOS.

    Fucking false dichotomy.

    Both suck balls, the whole mobile market sucks sweaty balls. I want hundreds of options, I want a distrowatch for mobile.
  • 8
    @bittersweet very well said.
  • 21
    @ArchLinux yeah, exactly.

    And their argument is they wanted to make it smaller. And they did. But at least offer a pro laptop with those pro features in it. Some people don’t give a fuck if their laptop is 1 pound lighter - they’d rather still have their HDMI port, sd card reader, MagSafe, etc.
  • 14
    Steve Jobs is definitely rolling in the grave at how shit Apple is becoming.

    Then again they were already transitioning into shit before he died, so idk.
  • 5
    @-vim- beta 11.3 is even worse. But doesn’t have telugu bug. I cannot understand, why they’re breaking really good working features, like voice control - which worked excellent in iOS 10 and since 11 it’s no longer working over BT and in 11.3 - at all... And there are still countries, where we can’t use Siri...
  • 12
    @Floydian Was just joking with my friend about how shit the QA team at Apple has to be.

    Some of their recent fuck ups include:
    • Logging into Macs with root as your username.
    • Effective power
    • The "i" not appearing
    • This "killer symbol"
  • 6
    @dfox Wondering now, are you staying with iPhone's or was this the final straw?
  • 7
    Apple is primarily a marketing company and a technology company a very distant second.
  • 8
    They don't know de wae
  • 9
    @linuxxx I’m seriously, seriously considering it. I don’t particularly like Android either but at this point it seems like the better option. When this current phone dies (it’s getting pretty close) I’m probably going to switch to Android.
  • 7
    @dfox May I suggest Sony phones? My sister was a die hard iPhone user and now she doesn't want to switch away from sony haha!
  • 7
    @linuxxx thank you, I will definitely look at Sony. I’m pretty unfamiliar with Android devices as a whole so it definitely helps to hear advice on what’s good.
  • 7
    @dfox If you need/want any advice, feel free to hit me up! The android device world is big, very big.
  • 5
    I think youre not taking into mind that apple is in it for the money. they dont care if a software developer hates their product, because theyre not marketing it to them. a large amount of people have macbooks and iphones. apple went from the mindset "let's deliver the best product" to "lets just make something better than windows and android for the average user"
  • 1
    @calmyourtities Shit! You’re so right! I’ve never saw it like that, but now I see!
  • 1
    @-vim- yeah im a genius; calm ur tits
  • 2
    Closed vs open...

    Even Android is the same. Unless your running a custom ROM that it's actively updated, the bottleneck are the vendors...

    And anyone that has jailbroken I think saw this a long time ago. Infinite scroll, folders, ... Came maybe a yr later than when we got it.
  • 2
    @nik123 last I checked though Sony phones only worked on GSM networks not cdma so only AT&T based stuff.
  • 5
    @ArchLinux Now they even solder the ssds to the motherboard in the macbooks, it's honestly too much
  • 3
    Just to add something weird. I haven't owned a smartphone in almost 6 years and have made less than a dozen phone calls during that time. Everything is over Slack/FB/Skype. I always found talking on the phone and yapping over Skype a huge time waster.
  • 3
    @intromatt Skyp, Skype, SKYPE!!!!! 🀒

    Sorry
  • 3
    That fuckin' Skype UI....it's like feces smeared on the screen...@-vim-
  • 3
    apple sucks

    I learned this from living with my family who all exclusively use apple products
  • 2
    Only good product that Apple has now is the MacMini. Don't know if they have plans to kill that too.
  • 5
    Tim Cook has done nothing more than manage the company's demise. Under his leadership, every product they produce has seen neglect, decline, or a failure to technologically keep up with less expensive alternatives.

    Under his leadership, Apple has become a brand not for professionals, but for people who want to look like professionals.

    It's long past time for him to step down or be removed.
  • 5
    Apple has publicly said they will be slowing down on their yearly release schedule to give themselves more time to fix all the bugs.
  • 6
    When a company gets to the point where they can slap their logo on anything and it sells out, the quality will decline. It becomes a numbers game - the numbers being 1. Adequate supply for the ridiculous demand and 2. Profits that keep the shareholders happy.

    The Apple that people romanticize... The one where everyone was "thinking different" and trying to "stick it" to the big PC companies died long before Jobs did.
  • 5
    Android at least is moving in the right direction IMHO with project treble from 8.0+ which removes vendor induced bottlenecks when it comes to software updates. So more treble phones will easily get latest updates at least from the community side if not officially.
  • 5
    @namenlossss I'm on the Ulefone Mix myself, not the fastest phone in the world but damn you can't break this fucker!
  • 2
    I don’t really trust android either. I hate the fact that Google has no responsibility regarding android on phones they didn’t make. If I’m ever switching to Android, it got to be pixel, since google administer the updates.

    My father bought a Lenovo tablet, and since Lenovo administer the android version on that tablet, they put some adware on it that just randomly opens different marketed apps in play store.
  • 6
    @dfox While I agree that it's unbelievable that you remove features from a Pro series (Macbook Pro) I think the absolutely worst thing is how fucking useless the machines are becoming for development of large web applications or larger systems.

    Why tf is 32GB of RAM not an option? 16GB is a fucking joke, and with no way to upgrade, my next laptop I definitely not going to be a Macbook again (unless 32GB will be an option and I don't have to carry 100000 adapters and dongles around)
    People are not buying a pro because it's sleek. I mean some people probably are, bit PROFESSIONALS buy it because they want SHIT done! Even my boss, who's a huge Apple fan, hates the new Macbook Pro after he got it. The touch panel is just fucking horrendous, and the light from it reflects in the screen if you're sitting in a dark room. Fucking GG
  • 2
    I think.. in my opinion is that Apple wants more money so they limit the options that are available to users. Each update given is to slow down your device, who knows. They're just selling bits of update on physical upgrade so you have to keep buying. Likewise, people feel pressured to have the latest gadgets and technology at their fingertips. Which makes money making way easier.
    Though I used Apple previously (aka Macintosh and iPhone), I do like some things like the sandboxing platform which is very good security.
  • 3
    ++again why I don't use apple.
    Don't most OS's have measures to prevent unknown characters from doing things like that?
  • 3
    @-vim- Step back a second.... iOS is ALL beta updates. The QA department was fired long ago. If you are an iPhone user like I am... welcome to the Apple QA team, the pay is non-existent, the frustration almost unbearable... the frog is boiling baby.
  • 3
    @dfox Been using and developing on and for Apple since the beginning of time.

    These days the difference between Beta and Release is simply the calendar date.
  • 3
    @Trekko727

    That's certainly been their MO since long before Steve died, but the difference is that it used to be that people could live in the walled garden and have a great experience. Now, they have to grit their teeth.
  • 2
    Can someone provide a link to this character, i want to test it, but im not able in any ways to find this character as an actual char, only images.
    (i know about the risk stuff etc, but i want to test it)
  • 2
    @Liz3 Scroll to the bottom and the char is there.
    WARNING! THE FOLLOWING LINK CAN CRASH YOUR iPHONE: http://news.softpedia.com/news/...
  • 2
    Good rant mate, btw this bug is here since iOS 11, I know this due to classmates with outdated software.

    Also wtf every fucking year they have a bug like this, and sometimes at least on desktop they fucking reintroduce bugs because they didn't push it upstream.

    Also it's fixed in the beta
  • 2
    Sir, Apple has released iOS 11.2.6
  • 1
    Apple in general is just ignoring it's users while strikingly increasing price of its devices, which given the cost should come with atleast great support on the software end.

    And, here we are, with a character from telugu fucking everyone's devices.

    As said previously, given the resources, time and need, Apple should have released a patch to remove this bug (on highest priority) and it must.

    People buy there products and the company has no respect for them.

    Classic Apple.
  • 0
    My response is too long for a comment. Here's a fucking rant on it. https://devrant.com/rants/1224827/...
  • 0
    @FrodoSwaggins it can and has rendered entire apps inaccessible (including devRant) and can crash devices and also crash the MacBook.

    I also saw a media outlet that said they were able to brick a device with it.
  • 1
    @FrodoSwaggins we’ll have to agree to disagree. I’m not going to debate and spend my time trying to convince anyone that a bug that crashes/bricks devices and renders apps inaccessible somehow isn’t a security bug.
  • 1
    @FrodoSwaggins that I agree with - this isn’t at all about promoting Google. The majority of the comments here even say Google is simply the lesser of two evils in their opinion. That has nothing to do with this being a security issue though. And like I said, I don’t even know if Android truly is the better option, but to me there are specific things that Google does better, and yes, there are things they absolutely to worse.
  • 1
    @FrodoSwaggins this is not about Google vs Apple. This is about a company voluntarily not releasing a software patch which could result into the biggest software bug of all time.
  • 0
    @FrodoSwaggins it’s very possible that Apple is better for privacy. That wasn’t the debate here.

    I agree, a lot is a matter of opinion. Each do certain things better. For example, in my opinion, Google is 100x more friendly towards developers than Apple. If it wasn’t for Google and their care/want for helping apps get exposure, devRant probably wouldn’t exist today. Apple does nothing to help small developers and Google does.

    But I’m not saying there aren’t things Apple does a lot better. There are. I use an iPhone for a reason, but that doesn’t mean I don’t constantly reevaluate, and this rant is an instance of that.
  • 2
    I feel the same way, I always admired Apple for work they’ve done in the past but now they just seem sloppy.
  • 1
    @FrodoSwaggins again, I think Google promotion has been very low in this thread. In fact, “Google hate” is very common on devRant. Especially when it comes to privacy. No one is disagreeing with you. But it’s irrelevant to my rant. If you want to rant about Google you should go express your thoughts in a rant about Google - after all that’s what this app is for.

    But, saying “this isn’t a security bug” because you hate Google is just a silly argument IMO. I’ve literally never heard anyone say an exploit that can render apps unusable, brick devices and render the basic functionality of someone’s device inaccessible is not a security bug. That’s not the argument to try to make because you like Apple and hate Google. You can do both of those things while remaining well-reasoned and not debating that an obvious security bug/concern is a security issue. This isn’t even taking into account every security consequence that stems from this bug, like rendering moderation tools inaccessible for site/app admins, compromising entire systems that might be built to keep users secure by rendering them unusable and crash the devices/computers of those using it.
  • 1
    @FrodoSwaggins how is an issue that allows an attacker to compromise someone’s device and possibly brick it not a security issue?
  • 3
    Security issues have a pretty broad scope. “Getting your personal information” or getting any private data is certainly not a requirement to qualify as a security issue. Data integrity and other types are pretty broad as they should be.

    Personally, I consider any threat that is executed by an attacker with intent on compromising a system/destroying a device to pose a security threat and have security classification. They are compromising aspects of the device beyond just the service being used, leaking into the rest of the system.
  • 2
    @FrodoSwaggins we use an iPad to clock in. Take that as you many, but none the less that creates the record of who was in and out of the building. Use this exploit to damage the system and you could gain untracked physical access.
  • 2
    @FrodoSwaggins I think it could be interpreted different ways, because although you’re not stealing personal data, the way I see it, you’re compromising an unrelated system via an attack vector.

    For example, similar to actual real-world attacks, if you DDoS a nuclear power facility and cause harm to other systems/real world systems, it raises well-beyond a denial of service attack. A denial of service attack, on its own, IMO is when an attack vector can only deny service to the system it’s attacking.

    So in this instance, if the character merely crashed the messaging app where it it was sent, it would be more of a normal bug. However, it rises high above that level and crashes the system it’s running on, desktop computers, etc. which rises to a security issue. I see it as attacker using an attack vector to compromise more systems than the system they are operating on, hence not a “denial of service attack.”

    So yes, I see how it could be interpreted differently, but that’s what I consider a security issue.
  • 1
    @FrodoSwaggins small company so it would probably be tracked on paper but I could imagine if we were just a little bigger the clock goes down, an assistant goes to the front to take down who is coming and going, since it’s a pin system not a badge system somebody comes up and say hey I’m John I’m new here, management is too busy being worried about the clock, assistant just jots down a fake name and time he or she is given, and boom an agent is in with no id. Now sure you can imagine better security protocols, but I think that’s pretty realistic to how things would actually go and how the Telugu character can fall into the wheelhouse of security flaws. Just because the issue doesn’t give you direct access to the device it affects doesn’t mean it’s outside of the scope of security flaws.
  • 2
    @FrodoSwaggins that’s absolutely fair - not a security issue for everyone. But for some, like myself, it definitely was. Ex. not being able to moderate content on the app and even remove a malicious (though they were just trying it haha) post that was causing the app to be unavailable for many.
  • 1
    I'm shocked that no one has tried to be that person, and put a telugu character into this rant
  • 1
    Steve Jobs is rolling in his grave!
  • 0
    I don't mean to search for a worse exploit.. But macos just had the serious bug where in preferences were locked and required user password, if you put root, and empty password then hit enter twice (first try is rejected) then the second unlocks the preference pane and works as a root user.

    Funny thing is, rumor has it the bug/0day was probably there for a while before some random dude tweeted about it to Apple.
  • 1
    @xcodesucks this is a great viewpoint. I want to make a t-shirt
  • 0
    Apple is for sheep πŸ‘
  • 0
    I Hope you didn’t type this on the phone‘s keyboard.
  • 0
    @billgates I have a Nokia 5 that I bought for 120€. It came without any carrier branding and pure stock Android with Gapps. I'm running Oreo since December (or even late November?) and although I'm in 8.0 without Treble support I already have March Security Patch installed.

    In my opinion the most important thing you should look after when buying an Android phone (specially entry/mid tier) is software support.

    I couldn't be happier with Nokia. The only thing missing really is the bootloader unlock but with monthly security updates and stock Android I'm not really that worried.

    Can't wait to buy myself a N7+!
  • 1
    The last solid iPhone was the 5 and I stand by my statement.

    Apple promises more graphical features increasing demand for processing and storage, hence the iCloud scheme. Battery life? Hasn't changed much...it's been screwed and soldered tight since always? The raw resource of the battery power has been altered to a more efficient alloy, downfall=it overheats quickly; answer= create a new USB for a thinner conducive battery and market it as "fast adaptive charging." and create a USB-C port to force hardware updates. Gradually bleed them dry by downgrading software, call them "updates" because alerts at HQ say "Battery's gonna blow if we don't!" Announce next product launch. Because Susan wants to run 26 apps with background info, send texts, snaps, the gram, fb and listen to apple music, take a selfie while Waze-ing to a restaurant she found on Yelp. Yup...she's paying with Apple Pay....I wanna command a nation of Susans who will empty pockets at my behest..
  • 1
    I enjoyed reading this. Nice rant.
  • 2
    Dude if you rant about ios in itself. Just wait until you use xcode πŸ˜‚πŸ˜‚πŸ˜‚
  • 1
    @tirrorex If I could give you 100+'s on that... If frustration shortens your life, Apple should be tried for Murder by Xcode.
  • 0
    @tirrorex you will enjoy my rant that starts “Developing in Xcode is some requiem for a dream level bullshit”
  • 0
    OMG, I changed the name of "Xcode" to "πŸ•·Code" because it is a buggy piece of πŸ’© of course... and now the simulator server crashes.

    Apple needs to get their fundamentals fixed. The tower of babble is coming down?
  • 2
    to my knowledge, and in my opinion, they stopped caring with the first desktops that didn't have the PowerPC processor anymore.

    that's when all their shit went to shit.

    everything that still "worked" beyond that was just thanks to momentum.
  • 0
    I agree with most of the post but Google's QA sucks too, I bough an "Android One" device expecting a pristine Android experience tailored for my device's SoC but it was extremely glitchy, I hoped for improvements with the new Android release but the bug stayed the only difference is which new flashy and pointless feature brought more bugs and made the device slower.

    Google or Apple it all boils down to the new developement trends which prioritizes pupmping countless features over consolidating what you're already have. IMHO OSs should be a just base layer while "flashy features" such as health monitoring or smart home should be brought as 3rd party apps.
  • 0
    “Hello. Is there anyone can help me?”
  • 0
    We didn’t know it at the time, but log4j was making plans all along to usurp Apple in the pursuit of making the worst security bug
  • 0
    "devRant was inaccessible to iOS users"

    This is why a web front end matters.
Add Comment