Skip to content
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Engadget)   Bobby Tables, meet Rachel True   (engadget.com) divider line
    More: Fail, Operating system, Computer, Mac OS, author Rachel True, Boolean logic, Computer software, Customer service, latest problem  
•       •       •

2156 clicks; posted to STEM » on 07 Mar 2021 at 8:30 AM (4 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook



68 Comments     (+0 »)
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | » | Newest | Show all

 
2021-03-07 6:50:38 AM  
Apple make a mistake? That's unpossible!
 
2021-03-07 7:56:56 AM  
The fact that their code has evaluated the string name field at all means that there could be other vulnerabilities, Apple should look at that right away.
 
2021-03-07 8:34:12 AM  

KarmicDisaster: The fact that their code has evaluated the string name field at all means that there could be other vulnerabilities, Apple should look at that right away.


They turned it over to John Endlessloop, I'm afraid.
 
2021-03-07 8:41:27 AM  
There are times when strong and explicit typing are good.  This is one of them.
 
2021-03-07 8:46:57 AM  

KarmicDisaster: The fact that their code has evaluated the string name field at all means that there could be other vulnerabilities, Apple should look at that right away.


Good thing I haven't signed up for iCloud.

My last name is rm -rf *, but I pronounce it "Throatwobbler Mangrove"
 
2021-03-07 8:48:24 AM  

FrancoFile: There are times when strong and explicit typing are good.  This is one of them.


Coding and Chuck Tingle products?
 
2021-03-07 8:53:36 AM  
FrancoFile

typing are good

"Strong" and "explicit" are adjectives.
 
2021-03-07 8:55:54 AM  

Marcus Aurelius: KarmicDisaster: The fact that their code has evaluated the string name field at all means that there could be other vulnerabilities, Apple should look at that right away.

They turned it over to John Endlessloop, I'm afraid.


Allison While
 
2021-03-07 8:57:53 AM  

Larva Lump: FrancoFile

typing are good

"Strong" and "explicit" are adjectives.


Strong typing (a feature of the language) and explicit typing (a coding best practice) are two different things.  I should have been more explicit when I wrote that.

Better?
 
2021-03-07 8:58:13 AM  

Larva Lump: FrancoFile

typing are good

"Strong" and "explicit" are adjectives.


(strong + explicit) typing == (strong typing) + (explicit typing)

/it was my understanding that there would be no math
// :P
 
2021-03-07 9:05:30 AM  
Hi Rachel True, I'm null, how YOU doin?
 
2021-03-07 9:05:52 AM  

KarmicDisaster: The fact that their code has evaluated the string name field at all means that there could be other vulnerabilities, Apple should look at that right away.


Yes, they should.
 
2021-03-07 9:06:18 AM  

FrancoFile: There are times when strong and explicit typing are good.  This is one of them.


True that.
 
2021-03-07 9:06:47 AM  

xanadian: Larva Lump: FrancoFile

typing are good

"Strong" and "explicit" are adjectives.

(strong + explicit) typing == (strong typing) + (explicit typing)

/it was my understanding that there would be no math
// :P


Whenever strong and explicit have an association in my house, I'm usually watching porn.
 
2021-03-07 9:07:13 AM  

xanadian: Larva Lump: FrancoFile

typing are good

"Strong" and "explicit" are adjectives.

(strong + explicit) typing == (strong typing) + (explicit typing)

/it was my understanding that there would be no math
// :P


There is always math.
 
2021-03-07 9:08:52 AM  
FrancoFile

Better?

Click on the full stop on my comment.
 
2021-03-07 9:08:58 AM  

null: Hi Rachel True, I'm null, how YOU doin?


/dev/hd0 wants you to stay away from his damn partitions is how she's 'doin'.

/damn null for nothing always takin my bits
 
2021-03-07 9:10:28 AM  

Larva Lump: FrancoFile

Better?

Click on the full stop on my comment.


I clicked it.  It asked for a credit card number.  I gave them yours.  I hope that was OK.
 
2021-03-07 9:11:41 AM  

Marcus Aurelius: null: Hi Rachel True, I'm null, how YOU doin?

/dev/hd0 wants you to stay away from his damn partitions is how she's 'doin'.

/damn null for nothing always takin my bits


Fark user imageView Full Size


There went my chances anyway.  Dammit.
 
2021-03-07 9:24:21 AM  
Marcus Aurelius

I clicked it. It asked for a credit card number. I gave them yours. I hope that was OK.

How did you know my card number was **** **** **** ****? Are you a wizard?

(This is getting silly.)
 
2021-03-07 9:30:31 AM  
Spandau Ballet - True (HD Remastered)
Youtube AR8D2yqgQ1U
 
2021-03-07 9:31:27 AM  
I have an idea for Ms True:

This may sound crazy but trust me. If you edit your name on your Mac it doesn't affect your name in the real world. It's true!! Perhaps you can change it, and it will be a secret between you and your laptop.

/b b but Apple should fix their stuff!!
//while true, do you want use your laptop?
///done
 
2021-03-07 9:34:29 AM  

null: Marcus Aurelius: null: Hi Rachel True, I'm null, how YOU doin?

/dev/hd0 wants you to stay away from his damn partitions is how she's 'doin'.

/damn null for nothing always takin my bits

[Fark user image 425x501]

There went my chances anyway.  Dammit.


Have you pursued Ms. Undefined?  You'd make a lovely couple
 
2021-03-07 9:43:19 AM  
At least its not self-inflicted, like the people who think "NO TAG" makes an awesome vanity plate for their car
 
2021-03-07 10:00:30 AM  
Gotta be a javascript thing. This would be next to impossible in a properly typed language.
 
2021-03-07 10:02:11 AM  

Vlad_the_Inaner: At least its not self-inflicted, like the people who think "NO TAG" makes an awesome vanity plate for their car


Hey listen here...
 
2021-03-07 10:03:41 AM  
images-na.ssl-images-amazon.comView Full Size
 
2021-03-07 10:15:16 AM  
It funny that a $2 trillion dollar company could have such a mistake.

Although Ms. True is looking pretty good for 54.
i.pinimg.comView Full Size
 
ZAZ [TotalFark]
2021-03-07 10:29:03 AM  
you'd have to type it a specific way to reproduce the problem

Like in lower case? With quotation marks? Backquotes? ${True}? '); true? Please explain.
 
ZAZ [TotalFark]
2021-03-07 10:30:49 AM  

ZAZ: you'd have to type it a specific way to reproduce the problem

Like in lower case? With quotation marks? Backquotes? ${True}? '); true? Please explain.


I should have paid more attention.  I read again.  It's the first one.  If your name is true, in lower case, you lose.  Probably also if your name is false.
 
2021-03-07 10:34:46 AM  

null: Marcus Aurelius: null: Hi Rachel True, I'm null, how YOU doin?

/dev/hd0 wants you to stay away from his damn partitions is how she's 'doin'.

/damn null for nothing always takin my bits

[Fark user image 425x501]

There went my chances anyway.  Dammit.


A nulled.
 
2021-03-07 10:59:53 AM  

FrancoFile: There are times when strong and explicit typing are good.  This is one of them.


What strong and explicit typing may look like:

Fark user imageView Full Size


Fark user imageView Full Size
 
2021-03-07 11:06:08 AM  

Larva Lump: Marcus Aurelius

I clicked it. It asked for a credit card number. I gave them yours. I hope that was OK.

How did you know my card number was **** **** **** ****? Are you a wizard?

(This is getting silly.)


Man, just this morning I was annoyed by how over-featured, slow, and annoying the web has gotten / what sites demand from clients.

But that's one tech advance I can't argue with.  Used to be only SSNs and passwords got blocked automatically.  Some shadier sites do it client-side now, but I'm sure Fark is on the up-and-up.  Let's check.

***-**-****
*********************

/ was gonna make a "GOTO 10" joke
// old
/// < deleted because one character was entered wrong from the magazine article code >
 
2021-03-07 11:07:18 AM  
Interesting. "Yes" is a surname, albeit likely extinct. "No" is still around. How many other potentially troublesome surnames are there?
 
2021-03-07 11:14:43 AM  

Larva Lump: Interesting. "Yes" is a surname, albeit likely extinct. "No" is still around. How many other potentially troublesome surnames are there?


Zero.
 
ZAZ [TotalFark]
2021-03-07 11:14:49 AM  
Different situation, but Verizon's computer wouldn't open an account for somebody I know with a last name "Fu" because FU tripped the profanity filter

F--- Y--, Verizon.
 
2021-03-07 11:17:21 AM  

Vlad_the_Inaner: At least its not self-inflicted, like the people who think "NO TAG" makes an awesome vanity plate for their car


Better than the guy who used NULL for his license plate:
Wired link
Arstechnica link
TheVerge link
 
2021-03-07 11:28:28 AM  

SFSailor: Larva Lump: Marcus Aurelius

I clicked it. It asked for a credit card number. I gave them yours. I hope that was OK.

How did you know my card number was **** **** **** ****? Are you a wizard?

(This is getting silly.)

Man, just this morning I was annoyed by how over-featured, slow, and annoying the web has gotten / what sites demand from clients.

But that's one tech advance I can't argue with.  Used to be only SSNs and passwords got blocked automatically.  Some shadier sites do it client-side now, but I'm sure Fark is on the up-and-up.  Let's check.

***-**-****
*********************

/ was gonna make a "GOTO 10" joke
// old
/// < deleted because one character was entered wrong from the magazine article code >


hunter2
 
2021-03-07 11:34:22 AM  

Larva Lump: FrancoFile

Better?

Click on the full stop on my comment.


Are you trying to be pedantic?  I know what data types are.

Ruby is strongly typed; Perl is not.  When coding in Perl, you might need to explicitly type your variables.
 
2021-03-07 11:42:52 AM  

Marcus Aurelius: xanadian: Larva Lump: FrancoFile

typing are good

"Strong" and "explicit" are adjectives.

(strong + explicit) typing == (strong typing) + (explicit typing)

/it was my understanding that there would be no math
// :P

Whenever strong and explicit have an association in my house, I'm usually watching porn.


So Andrea True?  I knew there was a connection.
 
2021-03-07 11:44:23 AM  

iron de havilland: SFSailor: Larva Lump: Marcus Aurelius

I clicked it. It asked for a credit card number. I gave them yours. I hope that was OK.

How did you know my card number was **** **** **** ****? Are you a wizard?

(This is getting silly.)

Man, just this morning I was annoyed by how over-featured, slow, and annoying the web has gotten / what sites demand from clients.

But that's one tech advance I can't argue with.  Used to be only SSNs and passwords got blocked automatically.  Some shadier sites do it client-side now, but I'm sure Fark is on the up-and-up.  Let's check.

***-**-****
*********************

/ was gonna make a "GOTO 10" joke
// old
/// < deleted because one character was entered wrong from the magazine article code >

*******


Works like a charm!
 
2021-03-07 12:02:37 PM  

Larva Lump: Interesting. "Yes" is a surname, albeit likely extinct. "No" is still around. How many other potentially troublesome surnames are there?


drbarbarabergin.comView Full Size

/ Mr Dotcom has had problems recently
//and APTs are still using his infrastructure to store stolen data
 
2021-03-07 12:07:54 PM  
Apple doesn't care, cbeause they are still getting paid to provide zero service.
 
2021-03-07 12:28:19 PM  

Wine Sipping Elitist: This may sound crazy but trust me. If you edit your name on your Mac it doesn't affect your name in the real world. It's true!! Perhaps you can change it, and it will be a secret between you and your laptop.


Fark user imageView Full Size
 
2021-03-07 12:34:18 PM  

Larva Lump: How many other potentially troublesome surnames are there?


Considering this is just a boolean value throwing up errors, conceivably just about any conditional statement, operator, SQL statement, special character, or global variable would fark it up. Which could potentially be hundreds of words.

This is what happens when you code in Javascript, which handles type declarations very VERY poorly.
 
2021-03-07 1:08:31 PM  

Cthushi: Vlad_the_Inaner: At least its not self-inflicted, like the people who think "NO TAG" makes an awesome vanity plate for their car

Better than the guy who used NULL for his license plate:
Wired link
Arstechnica link
TheVerge link


Errrrr
 
2021-03-07 1:10:28 PM  

FrancoFile: There are times when strong and explicit typing are good.  This is one of them.


Not when your "typing" is done as part of validation on serialized data without knowledge of the actual type for each field, and merely assumes the type because the serialized field is "True" and either rejects it because it is quoted and not case matched, or transforms it to an unquoted true before it is deserialized.

I chalk this up to Apple's use of shiny new things, or really, in this case, making shiny new things to keep developers locked into their platforms, resulting in code that has absolutely no mature and time tested codebases and libraries to leverage. Developers stuck having to constantly re-invent the wheel just so the corporate overlords can force devs to "think different" will probably write a lot of bad code.

I didn't like C# or the whole .NET thing when it first came out... and Microsoft had a bad habit of constantly moving to new things after Visual Studio 6.0... OLE? COM? DCOM? XML?... but after 20 years, they stuck with the .NET platform, and it is amazingly solid now; there is also a wealth of examples, knowledge, tutorials on the internet today for C# development. Meanwhile, Google and Apple constantly throw curveballs in the form of new languages and frameworks, seemingly just to be contrarian with the rest of the industry.

There is something to be said for maturity and quantity has a quality all its own, particularly when you can judge packages by their popularity on most repo sites.
 
2021-03-07 1:39:21 PM  
Seems like there should be a list of words by now that you could just have automatically parsed through your code to see if it throws any errors, for every field where you can put in an alphanumeric.
 
2021-03-07 1:47:40 PM  

Vespers: Seems like there should be a list of words by now that you could just have automatically parsed through your code to see if it throws any errors, for every field where you can put in an alphanumeric.


1.bp.blogspot.comView Full Size
 
2021-03-07 1:56:02 PM  
That's the very definition of an injection vulnerability. The developer who put it in, the developer(s) who reviewed the code, the testers who beat on it, the testers who wrote the test cases... there are a lot of people at Apple who should be having a Very Bad Day over this. And that's not even considering the support folks who let it sit for six months.
 
Displayed 50 of 68 comments


Oldest | « | 1 | 2 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking





On Twitter



  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.