OS X 10.9 and Pocketpedia sync is broken

[sjk]

Excellent detailed explanation, too!

Sadly the Apple forums are down

And they were tentatively to be up before Bug Reporter, which is now up.

[DJRumpy]

It's a start. A bit surprised at the length of time they needed to plug those holes. Can't believe that researcher didn't take a better path to get the info to Apple rather than just hacking in and causing how many weeks of outages?

By the way, the beta app works fine. Looks good from here.

[sjk]

A bit surprised at the length of time they needed to plug those holes.

Apparently what's being done goes beyond just "plugging holes", some likely just more time-consuming than difficult processes, and the general public isn't going to be informed of all the details.

If Apple could have better anticipated and prepared for handling an incident like this with less severity and downtime it's more disappointing than surprising to me that they didn't, but understandable when finite resources, legacy infrastructure, and other factors (possible negligence included) contribute to increased vulnerability risks.

Can't believe that researcher didn't take a better path to get the info to Apple rather than just hacking in and causing how many weeks of outages?

All that's still a hearsay report of what happened, not definitive evidence. There are plenty of unanswered questions remaining between what "that researcher" has claimed and reality even if he's been telling the truth. One speculation is that he started off as a well-intending white hat hacker who, for whatever reasons (naivety, ego, et al.), didn't heed its rules and crossed into grey/black hat territory, then tried to backpedal after he got in too deep. Inconsistencies with his supposed actions and statements seem supportive of that sort of explanation.

the beta app works fine.

Cool!

[DJRumpy]

The responsible 'hacker' outed himself in a public apology, which is where I got that info. He is a white hat, but I think he went about it the wrong way. He was able to prove himself by posting the information of a few Apple employees. Not hearsay at this point.

I'm guessing the security issues he exposed were fairly extensive to fix though given how long it's been out.

[DJRumpy]

Here it is.

http://appleinsider.com/articles/13/07/ ... -or-damage

[sjk]

I've read several articles about Balic's antics, including the one on AI you linked to, but nothing new for the last couple days. Even if what's reported is accurate and legitimate it's not evidence that Balic is truthful. His "apology" seemed weak, not fully believing and admitting he's made mistakes with some serious current (mostly for Apple and developers) and possibly future (for him) consequences. Maybe "best" if he turns out to be a sincere guy who's just temporarily misguided with nothing more conspiratorial.

Okay, it's back to 'pedia-related topics for me.

[sjk]

Okay, it's back to 'pedia-related topics for me.

But wait, now there's this:

Apple Developer site hack: doubts cast on Turkish hacker's claims | Technology | guardian.co.uk

Even if much of that seems speculative it got me wondering (again) if ibrahim Balic might be a decoy, which is an angle to this story I haven't found discussed (yet). If that turns out to be true you can say you heard it here first.

[Conor]

I do agree that Apple took the opportunity for a full update to their login system taking advantage of the downtime and consolidate all login portals. The intermediate server URL when login into bug reporter is new. Sadly it did not mean an overhaul to the bug reporter interface that I find outdated. But in the middle of two major releases (Mavericks and iOS7) is no time to even change the background color on the bug reporter. Apple is under immense strain trying to get these updates done for the fall release. I would not be surprised if this affects the release date of OS X, as iOS 7 (due to possible hardware updates) and is a bigger priority and likely to get extra man power added from the Mac OS X team.

Thank you for testing that out so early in the Mavericks testing cycle, glad to know the Maverick issue it fixed in the beta.

[sjk]

Sadly it did not mean an overhaul to the bug reporter interface that I find outdated.

Leaving Bug Reporter in it's outdated, etc. sorry state is intentional, to discourage making bug reporting too modernly convenient.

[DJRumpy]

By the way, it looks like your bug report has made it's way into the latest beta. Seems to be syncing again.

[Conor]

Was labeled as "resolved" this morning by adding the previous behavior for apps built against anything earlier than 10.9. I have yet to test it for Apple engineers as requested, but thank you for letting me know.