Comment by tshaddox

4 years ago

> I'm puzzled that people are willing to buy a computer/OS where (apparently) software can/will fail to launch if some central company server goes down. Maybe I'm just getting this wrong, because I can honestly not quite wrap my head around this. This is such a big no-go, from a systems design point of view.

The answer is pretty simple: these problems are extremely rare, they don't last very long, and they tend to have fairly simple workarounds. You seem to have a principle that any non-zero chance of being affected by a problem of a certain type is a complete deal-breaker, but most people when buying a computer probably just subconsciously estimate the likelihood and impact of this type (and all other types) of problems and weigh that against other unrelated factors like price.

It's even simpler than people not caring, people don't know.

  • Exactly. Today was the first day when I knew this was possible. If I had been buying a computer a month ago, this would not have been a factor in my calculations whatsoever, because I didn't know it was even a possibility to consider.

    A month from now? Different story.

    • FYI, both Windows and Chrome (to an extent) can do this too. Windows will phone home to SmartScreen to scan downloaded executables, and Chrome checks every download against VirusTotal (owned by Google since 2013) for viruses to warn that software is malicious, and I've been burned by this a few times when a download wouldn't complete for multiple minutes due to this scan.

  • And they don't know because of the hidden source of the binaries their overpriced hardware is running. So users can't inspect the source and look for hidden "gems" like this one, let alone fix those intentional bugs themselves - not just due to not having the source, but the hardware refusing to boot anything not signed by the blessed key of Apple.

  • "I'll do YOU one better." /Drax

    I know, and I _want_ this. In general, it effectively eliminates the possibility that I'm going to install malware.

As an Apple user of 10 years: I had no idea macOS phones home like this.

  • That's one potential issue, if you have privacy concerns. But the real problem here is that there's a blatant bug in the phone-home code that causes apps to crash if Apple's servers have a problem.

    • No, I don’t think you should just dismiss the privacy issue. It seems every time I launch an app, macOS tells Apple. That’s also a REAL problem — and I guess I won’t be buying a Mac again unless the feature can be turned off.

    • Simply doing “if server does not respond, don’t check anything” would be a bigger flaw in design because that would mean you just modify the hosts file to localhost or something and the security check would be worked around.

  • It's a certificate check.

    I knew and didn't care. If you care, you're going to be real upset when you look at your other alternatives.

    That said, I don't think many people here actually care. I firmly believe that most of the people on this site just like to shit on Apple, because they prefer that to trust their privacy to an Advertising company.

I agree with your point about it being a principle, although I would add that the decision to build a product in this manner is also a principle.

Furthermore, I would sort of disagree with the answer to why people would buy this. In terms of "most people buying a computer", the overwhelming majority of Apple customers are likely ignorant of this issue, and will continue to be.

> rare, very long, simple

In this context those are simply weasel words, in my opinion.

  • It's true that I don't have data on how often this type of problem happens, how long they last, and what the workarounds are, but I'm using those words not to be intentionally vague, but to reflect my own impression from my own experience, and I strongly suspect my impression matches most people's.

    • It's like saying car crashes are rare, insured against, and you personally never experienced one.

      This does not mean car crashes can be ignored, or cannot happen to be dangerous.

      There is a balance between the possible damage because of not checking signatures remotely, and the possible damage from not being able to run a program when the remote checking service is unavailable. But there is no situation where the average damage is exactly zero :-/

    • The problem is that this is not an issue that should be viewed only in the current context. Just because things are rare now and don't last very long doesn't mean that they will continue to be that way, or that it will work at all in the future if Apple decides that only EOL OSs could be using this system at some future point where it's mostly changed.

      Not caring about this now is like not caring about government or corporate privacy invasions because "I have nothing to hide". It completely ignores all the variables that have to align to make this benign that happen to at this point, but are in no way assured for the future.

    • If you use your laptop as mostly a YouTube machine or a social media station then yes, the described problems are not a big deal, in fact they are probably beneficial to your well-being. But if you use your laptop to earn a living, that can be a major problem, day traders for a top of the head example. This also sounds like a nightmare for the corporate world. I suspect that these custom silicon iOS devices will be fully cemented as 'Fisher Price' computers.

Without principles, your freedom will be (is being!) slowly chiseled away, pragmatically accepting each small step. By the time even pragmatism tells you to refuse, it'll be too late.

That's exactly what happened in Hong Kong: https://www.nytimes.com/2019/10/09/technology/apple-hong-kon...

But it could never happen here...

(As someone pointed out, this does more than just prevent apps from running - it also leaks which apps you use and how often. Someone could ask Apple exactly when you started Tor browser, for example)

The payoff for the very slight risk is an effective built-in malware prevention system that doesn’t treat me abusively and reacts in a timely manner to abusive circumstances.

After decades of production operations, I have no complaints about how this was handled, and I expect they’ll investigate and patch any defects exposed by the outage.

I went for a walk when this happened and when I got back it was fixed. Works for me.

  • Normally I'm of a similar opinion to yours...but in this case I'm not.

    What happens if you're trading securities, or if you have an imminent deadline? Apple sells a fail-closed security feature, without investing the resources necessary to keep it as near to 100% serviceable as possible, and never really discusses it with the user. When it hangs, most users don't even know why.

    WTF!

    Seems like they could partner with Akamai (or one of its competitors) to make the server-side component of this feature more robust.

    If they are going to sell the MBP as a premium professional product, then they must recognize that it will sometimes serve as the linchpin of users' mission-critical activities.

    Take a billion dollars out of the stock buyback, invest it in the product instead, and make this problem go away.

    • Apple’s entire CDN collapsed on Big Sur launch day, which for years was and probably still is backed by Akamai. The OCSP endpoint was just one of many that was impacted. Seems like that’s exactly what you suggest they should have done to make this more robust. The endpoint failed for the first time in a decade this week. That’s better uptime than any stock exchange you’re trading securities on.

  • What's it like renting a computer?

    • The tricky part with renting a computer is that you have to insure it against accidental damage by the renter, and that has to be “gig economy” or “business” compatible insurance, because you’re profiting from loaning it to others.

      There’s also not exactly a huge market for rental computers when you consider that libraries offer them for free, and often with better Internet connections than those renting a computer could offer.

      Renting computers is a lot easier if you host them in the cloud and deny physical access to your customers, though — they generally can’t do permanent damage, and there’s no issues with theft/loss. But this isn’t typically viewed as “renting” anymore, but instead something like “colocation” or whatever EC2 is.

      Why do you ask?

I think more specifically it's rare enough that it hasn't happened to most people yet or people blame themselves ("my internet is bad" and the like)

There's software "EazyFlixPix" which shut down its authentication server - so everyone who purchased the app can no longer install it (unsure, but they might be also prevented from running it too).

Feels problematic.

That's different mindset — ability to fix, right to repair. No way to comfortably run another OS on MacBook, has to use macOS. It is closed source, users at mercy of the company. Think different.

Also, which is the bigger risk for most people: disruption to the cert verification, or malicious runtimes on their system?

(Hint: I have literally never seen an example of one of our bank's customers being unable to bank because of this. I have seen heaps and heaps of examples of endpoint compromises resulting in people having their accounts cleaned out.)

How do you use your computer if you don't have an Internet connection and one is required?