
2603 points mattsolle | 1 comments
elmo2you No.25076037
Sincerely and without any intention to troll or be sarcastic: I'm puzzled that people are willing to buy a computer/OS where (apparently) software can/will fail to launch if some central company server goes down. Maybe I'm just getting this wrong, because I can honestly not quite wrap my head around this. This is such a big no-go, from a systems design point of view.

Even beyond unintentional glitches at Apple, just imagine what this could mean when traffic to this infra is disrupted intentionally (e.g. to any "unfavorable" country). That sounds like a really serious cyber attack vector to me. Equally dangerous if infra inside the USA gets compromised, if that is going to make Apple computers effectively inoperable. Not sure how Apple will shield itself from legal liability in such an event, if things are intentionally designed this way. I seriously doubt that a cleverly crafted TOS/EULA will do it, for the damage might easily go way beyond just users in this case.

Again, maybe (and in fact: hopefully) I'm just getting this all wrong. If not, I might know a country or two where this could even warrant a full ban on the sale of Apple computers, if there is no local/national instance of this (apparently crucial) infrastructure operating in that country itself, merely on the argument of national security (and in this case a very valid one, for a change).

All in all, this appears to be a design fuck-up of monumental proportions. One that might very well deserve to have serious legal ramifications for Apple.

alwillis No.25108729
> All in all, this appears to be a design fuck-up of monumental proportions. One that might very well deserve to have serious legal ramifications for Apple.

Apple gave a detailed explanation. It was a server misconfiguration combined with a CDN issue which caused the OCSP certificate check to stop working, which caused Apple's system for ensuring certificates haven't been revoked to stop working:

    “We have never combined data from these checks
    with information about Apple users or their
    devices. We do not use data from these checks
    to learn what individual users are launching
    or running on their devices,” clarified the
    company.

    “Notarization checks if the app contains known
    malware using an encrypted connection that is
    resilient to server failures,” says Apple,
    further emphasizing, “These security checks
    have never included the user’s Apple ID or the
    identity of their device. To further protect
    privacy, we have stopped logging IP addresses
    associated with Developer ID certificate checks,
    and we will ensure that any collected IP addresses
    are removed from logs,” details Apple.

https://news.ycombinator.com/item?id=25108108
1. alwillis No.25120776
> not only do I see fewer macbooks every year among the affluent crowd…

Turns out Apple's MacBook business grew 39% last quarter: https://appleinsider.com/articles/20/11/16/apples-macbook-bu...