XPost: misc.phone.mobile.iphone, comp.sys.mac.system

badgolferman wrote on Fri, 5 Jul 2024 21:59:36 -0000 (UTC) :

Explaining s/w toolchains to mental midgets is not a good use of time.

Why must you be so rude and insulting? I didn¢t say anything personal about anyone and already admitted I may be mistaken. Have you ever been wrong?

It's interesting that the Apple religious zealots calls anyone a mental
midget who notices that Apple touts safety & security that doesn't exist.

If security researchers could have found the flaws, then why not Apple?

Notice that the Apple zealots are effectively saying not only that Apple doesn't test the software used in iOS & macOS but that Apple can't test
their software for safety & security.

These zealots say that the only thing Apple can do, is advertise false
safety and security as, according to them, Apple can't test for it.

Mental midgets indeed - they can't see the fallacy of their own excuses.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

Chris wrote on Sat, 6 Jul 2024 07:39:51 -0000 (UTC) :

See?

What I see is Apple touts safety & security that doesn't exist.

You don't even understand the vulnerability.

What you're saying, Chris, is that Apple lied because you're saying that
Apple has no control over the safety and security of the apps people use.

Yet you're happy to freely blame Apple.

Answer this question without resorting to lies, please, Chris:
Q: Does Apple tout the safety & security of iOS and macOS or not?
A: Yes or No

Apple haven't used anything here.

Xcode is Apple software, Chris.

It is third party developers who used a
utility that made life easier for them to support *their* apps.

They used Apple's recommended methods of development, Chris.

These apps then are deployed into the Apple ecosystem.

Answer this simple yet logically sensible question please:
Q: Did vulnerability researchers find this pervasive flaw, or not?
A: Yes or No

Apple haven't used it, cannot check and have no responsibility for what
tools developers use in creating their apps.

Simply answer this sensibly logical question then, please, Chris:
Q: If researchers could find this flaw, could Apple have found it?
A: Yes or No

It perpetuated itself deeper and has caused
security problems now. That¢s on Apple.

That's like blaming Ford for a flaw in Continental tyres.

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system

Jolly Roger wrote on 5 Jul 2024 22:55:57 GMT :

Every accusation is a confession with these morons.

What badgolferman very sensibly said was Apple touts safety & security.

To which the religious zealots said Apple has no control over the safety
and security of the millions of apps used by iOS and macOS users.

Even though that's not correct since security professionals found the flaw.

Badgolerman === logical
Apple zealots === make no sense logically

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control

Think about those facts of your own statements before you response please.

Badgolferman === Apple touts safety & security - so it's their job to test. Apple Zealots === Apple can't test for safety & security - so it's not
Apple's job to test applications used by millions of Apple users daily.

Who is the mental midget?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

Chris wrote on Sat, 6 Jul 2024 07:33:51 -0000 (UTC) :

You Apple nutcases always claim that I love Google & Microsoft.

You're fantasising again. No-one has said that.

No. You're who is fantasizing. I'm on record many times for telling the
ugly truth about any and all operating systems, from Canonical's Unity
(which I hated) to Microsoft's removal of the start menu, to Google
creating accounts on the phone when you use GMail, to Apple's brazen lies
that they provide safety and security when Apple does nothing of the sort.

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control

Let me tell you something, Chris - which you should already know by now.

I tell the truth (with cites) about every consumer operating system, Chris.

You have no concept of the truth or facts.

You are a religious zealot. Your entire belief system is based purely on
Apple advertisements. Apple advertises safety & security. You believe it.

But then....

And when you get caught out, you snip and run.

Apple advertises safety & security. You believe it.

But then....

Then, when the XCode/CocoPods vulnerability shows up which researchers
found, you claim that Apple is too incompetent to even have *thought* about testing the iOS/macOS software that billions of Apple users use.

Not only do you claim Apple is too incompetent to even have thought about testing macOS/iOS apps for safety and security, but you claim that Apple doesn't have the technical capacity to test for safety & security.

Witness your own post here, Chris, saying exactly that.
<https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

Since the flaw is so fantastically pervasive, and since it allows
zero-click exploits on only Apple products, don't you think Apple should
have cared about testing this since it affects billions of users?

What libraries developers use is their responsibility, not Apple's. It's
the same with all OSes.

If Apple became even more prescriptive regarding how apps should be
developed you'd be the first to claim foul play and complain even more
about the "walled garden".

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products because of the way millions of those Apple products are developed using
Apple software (Xcode).

What's no longer shocking is those who say in one breath that Apple
provides safety and security and yet, in the next breath these Apple
religious zealots claim safety & security is beyond Apple's control.

All you're really saying is you believe Apple's lies even as you know that
they are lies (since you believe Apple can't provide safety & security).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

On 2024-07-06 07:07, Andrew wrote:

Chris wrote on Sat, 6 Jul 2024 07:39:51 -0000 (UTC) :

See?

What I see is Apple touts safety & security that doesn't exist.

You don't even understand the vulnerability.

What you're saying, Chris, is that Apple lied because you're saying that Apple has no control over the safety and security of the apps people use.

Nope. That is not what he is saying at all.

Yet you're happy to freely blame Apple.

Answer this question without resorting to lies, please, Chris:
Q: Does Apple tout the safety & security of iOS and macOS or not?
A: Yes or No

Yes. How is that relevant?

Apple haven't used anything here.

Xcode is Apple software, Chris.

Yup. And this vulnerability isn't in Xcode.

It is third party developers who used a
utility that made life easier for them to support *their* apps.

They used Apple's recommended methods of development, Chris.

Apple doesn't recommend CocoaPods.

These apps then are deployed into the Apple ecosystem.

Answer this simple yet logically sensible question please:
Q: Did vulnerability researchers find this pervasive flaw, or not?
A: Yes or No

Yes. What of it?

Apple haven't used it, cannot check and have no responsibility for what
tools developers use in creating their apps.

Simply answer this sensibly logical question then, please, Chris:
Q: If researchers could find this flaw, could Apple have found it?
A: Yes or No

Yes. What of it?

It perpetuated itself deeper and has caused
security problems now. That�s on Apple.

That's like blaming Ford for a flaw in Continental tyres.

Apple advertises safety & security.

Zealots are claiming that safety & security is impossible on Apple products because of the way millions of those Apple products are developed using
Apple software (Xcode).

Ummmmmm... that is a flat-out lie.

Which from you is utterly unsurprising.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :

Witness your own post here, Chris, saying exactly that.
<https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

You must have some form of comprehension disability. Any english speaking person can understand that what you claim is at odds with what I wrote.

Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :

The fact is that I'm beginning to think you didn't lie, Chris.

Not a fact. You lose.]

Holy shit! You didn't lie!
*You're just incredibly confident in your complete ignorance!*
<https://i.sstatic.net/NJkCp.png>

I've always said that there are always one of two reasons why you Apple religious fundamentalist zealots are so confident about being wrong.
<https://i.sstatic.net/wgoc9.jpg>

1. You either brazenly lie, or,
2. You really believe Apple fully supports more than 1 release at a time.
<https://i.sstatic.net/XgbX3.jpg>

Since Chris and you can't answer this simple question, even now...
Q: Does Apple publicly state they fully support only one release at a time?
A: Yes or no.

I'm beginning to realize fundamentalist zealots didn't lie after all.
*You actually _believe_ Apple simultaneously fully supports >1 release!*
<https://i.sstatic.net/QbnWs.png>

In other words, you're all to the left of Mount Stupid on the
Dunning-Kruger scale, which is people who know absolutely nothing but who
feel they know everything - which is all your strange religious zealots.]
<https://i.sstatic.net/wAbpc.jpg>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

On 2024-07-07, Andrew <andrew@spam.net> wrote:

Chris wrote on Sat, 6 Jul 2024 23:30:21 -0000 (UTC) :

Witness your own post here, Chris, saying exactly that.
<https://www.novabbs.com/computers/article-flat.php?id=15606&group=misc.phone.mobile.iphone#15606>

You must have some form of comprehension disability. Any english speaking
person can understand that what you claim is at odds with what I wrote.

Jolly Roger wrote on 7 Jul 2024 02:06:58 GMT :

The fact is that I'm beginning to think you didn't lie, Chris.

Not a fact. You lose.]

Holy shit! You didn't lie!

Indeed. Here are FACTS you want us to ignore:

Open source vulnerabilities remain unpatched for decades <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source vulnerabilities remain unpatched for 10 years and longer, often because organisations have no idea what open source code they are using.
.
.
.
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.
---

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :

Indeed. Here are FACTS you want us to ignore:

Open source vulnerabilities remain unpatched for decades <https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source vulnerabilities remain unpatched for 10 years and longer, often because organisations have no idea what open source code they are using.
.
.
.
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.

The only facts we need to know are two undeniably salient facts, JR.

1. Apple touts that their ecosystem provides safety & security.
2. Yet Apple apparently has never even tested whether that claim is true.

In fact, it's obvious that Apple didn't even know how vulnerable their ecosystem was for millions of mac/iOS apps for an entire decade, JR!

With that in mind, your excuse is that Apple is incompetent at testing?

HINT: If security researchers can find this flaw, why then can't Apple?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

On 2024-07-06 23:36, Andrew wrote:

Jolly Roger wrote on 7 Jul 2024 03:22:42 GMT :

Indeed. Here are FACTS you want us to ignore:

Open source vulnerabilities remain unpatched for decades
<https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source
vulnerabilities remain unpatched for 10 years and longer, often because
organisations have no idea what open source code they are using.
.
.
.
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the
capabilities of most organisations.

The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.

The only facts we need to know are two undeniably salient facts, JR.

1. Apple touts that their ecosystem provides safety & security.

And it does.

2. Yet Apple apparently has never even tested whether that claim is true.

This is the comment of a liar or an ignoramus...

...or, most likely, both.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :

This situation reminds me of the Ford Explorer rollover debacle. Ford
blamed Firestone and Firestone blamed Ford. In reality they both had a
major part in the whole thing. Firestone tires were separating at the tread and Ford Explorers had weak suspensions and high center of gravity. Both of those caused the exceedingly high number of rollovers and deaths.

Whom did the customer purchase the vehicle from, Ford or Firestone?
The answer is Ford. So this is purely a Ford ecosystem problem.

To wit, this huge security hole is purely an Apple ecosystem problem. https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection

What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
modify any of three million iOS/macOS apps at will - whenever they want?

For ten years!

Take your pick as to whom to blame, but it shows neither company performed adequate testing together or merely ignored warning signs.

If Apple did NOT tout that their ecosystem provided safety and security, we could let Apple off the hook for never bothering to test that claim.

As it is, it's clear that the one thing the primitive Apple ecosystem does
NOT provide, is safety & security.

I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.sys.mac.system, comp.sys.mac.advocacy XPost: alt.privacy

On 2024-07-07 20:12, Andrew wrote:

badgolferman wrote on Sun, 7 Jul 2024 12:02:22 -0000 (UTC) :

This situation reminds me of the Ford Explorer rollover debacle. Ford
blamed Firestone and Firestone blamed Ford. In reality they both had a
major part in the whole thing. Firestone tires were separating at the tread >> and Ford Explorers had weak suspensions and high center of gravity. Both of >> those caused the exceedingly high number of rollovers and deaths.

Whom did the customer purchase the vehicle from, Ford or Firestone?
The answer is Ford. So this is purely a Ford ecosystem problem.

You get that cars (physical products) aren't the same as software...

...and that your analogy is fatally flawed as this is a tool used to
build an accessory to the product that Apple sells...

...right?

To wit, this huge security hole is purely an Apple ecosystem problem. https://www.darkreading.com/cloud-security/apple-cocoapods-bugs-expose-apps-code-injection

What kind of ecosystem is so primitive that ANYONE ON THE PLANET could
modify any of three million iOS/macOS apps at will - whenever they want?

For ten years!

Take your pick as to whom to blame, but it shows neither company performed >> adequate testing together or merely ignored warning signs.

If Apple did NOT tout that their ecosystem provided safety and security, we could let Apple off the hook for never bothering to test that claim.

As it is, it's clear that the one thing the primitive Apple ecosystem does NOT provide, is safety & security.

I wonder if these zealots realize ANYONE ON THE PLANET FOR TEN YEARS could inject ANY CODE THEY WANTED TO INJECT into over three million iOS/mac apps.

I wonder if you realize how many unsupported assumptions you've made in
that sentence.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)