Holy crap someone is gonna get fired :O

Hope so. Too many mistakes are being made with updates, most recent one is the iTunes users folder bug. And before the sympathy and oh mistakes happen all the time remember, these people get paid to do their work, not everyone is free to sit home for hours and troubleshoot.
 
Most likely, there are multiple people responsible for it -- and every one of them assumed that one of the others would do it. I saw that scenario multiple times throughout my career.

That is actually a very plausible explanation. I have seen this too, and it is actually hilarious when they realize nothing was done as long as the task that isn't complete isn't serious, but this one...is.
 
Apple needs to design an app where people can jot down a list of things they need to remember, with an option to add alerts when they become due. Could call it Reminders or something similar.
 
Just got this too and went straight to Macrumors. Not the biggest deal but we're talking about one of the biggest companies on earth with a focus on quality. This sort of stuff shouldn't happen.

Hope it's quickly resolved as the OCD inside me needs to know that my Mac is up to date :p.
 
Steve would have never let the Mac App Store become Snappier without the Heartbleed update render leaking, Tim.

Did I catch everything?

You forgot:

Microsoft Forgets to Renew... = Yet another example of a top-heavy corporation unable to keep even simple things in check. Thank goodness Apple hasn't forgotten its user base.

Apple Forgets to Renew... = Calm down, people; non-issue. Do you even realize how much time a big company needs to address things like this?
 
Of course there's little real reason for these certificates to expire: it's just a way for the certificate-issuing cartel to leech money from businesses periodically.

This is actually untrue. The SSL Certificate is an integral part of SSL Encryption, and as such should the private key be decrypted, all data that may have been captured for years would be able to be decrypted. The longer that said key is in the open and more data that is identical sent through it, the greater the likelihood of reversing the encryption keys to store that data. In the case of software updates, who cares. In the case of credit card numbers, a lot of people. Should that key still be valid, then one would be able to transparently impersonate the destination server via a Man-in-the-Middle attack, intercepting and altering data that one would believe to be secure and authentic. Replacing the certificates every once in a while changes those keys for the conversations, thereby increasing the difficulty of reversing the encryption and otherwise mitigating risk.

There is no difference between a self signed cert that will last for 100 years and one from a trusted CA beyond the initial "do you trust this site" pop-up that users would receive as the session is still encrypted. One just creates a cleaner experience for the users and reminds you to perform occasional maintenance.
 
Of course there's little real reason for these certificates to expire
Actually it's a mitigation against certificate theft.

By keeping certificate lifespans limited, stolen certificates have a limited time during which they may be used.

Revocation lists, and other validation techniques, are reactionary. You don't know a certificate has been stolen until after someone has already impersonated you.

As the certificates are also associated with your crypto keys, it also serves as a rotation mechanism for your encryption. If you need to eavesdrop on someone, you have to figure out the key pair before the certificate expires. After that, figuring out the key pair will only allow you to decrypt data that was sent 'in the past', assuming of course you could see that data and had it stored.

There are also plenty of other reasons: certificates/keys which are intended to only last for a certain amount of time due to some 'real life' factor.
 
A hundred billion in the bank doesn't buy quality. Experienced employees give that.

It used to be that corporations hired people to do one job, day in and day out, for years. Those people could take permanent responsibility and keep things humming.

Now they lay off senior people, outsource support, and/or move employees around like they were exchangeable parts in a machine. Penny wise and pound foolish.
 
FORGETS!?!?!?

You pay up to 3000$ for their products and they FORGET to maintain their ****ing CERTIFICATES?!?

Seriously, WTF is happening with that company??!
 
Has anyone else been getting phishing Apple emails since last night?

I've gotten a handful of them asking me to upgrade my AppleID with my SSN, Driver's License and CC#. Obviously it's fake, but I wonder if it's related to this at all. Only started happening since last night.
 


They'll come up with a good excuse!
 
Obviously it's fake, but I wonder if it's related to this at all. Only started happening since last night.
Not related. This is an issue where Apple can no longer provide adequate proof that you are communicating with Apple servers, and not someone else that has hijacked the connection.

Your issue will come from having your email being distributed/leaked/lost by another service, such as MacRumors.
 
Most likely, there are multiple people responsible for it -- and every one of them assumed that one of the others would do it. I saw that scenario multiple times throughout my career.
Yep, it's quite common practice, actually.

Usually such things are caught by accident, because there's not a single person that tracks or monitors the licences in use (within the company) or the SSL certificates that need to be renewed.

Usually, businesses don't even know themselves who is responsible, especially if they are big enough. If something like this happens, everyone just assumes that it's the engineers that should do it. But no one actually got told to do it, that's why they either catch it by accident or they simply "forget" about it.
 
A hundred billion in the bank doesn't buy quality. Experienced employees give that.

It used to be that corporations hired people to do one job, day in and day out, for years. Those people could take permanent responsibility and keep things humming.

But does not make for a well rounded employee. Cross training helps the employee can make the collaboration easier and how his job relates to others and how to streamline the process. It has its advantages too.

Now they lay off senior people, outsource support, and/or move employees around like they were exchangeable parts in a machine. Penny wise and pound foolish.

Using smaller teams has its pros & cons just like large development teams. Working in smaller teams is easier as far as collaboration and final assembly. Obviously Apple prefers a smaller one.

Moving these small teams around helps prevent monotonous boredom from repetitive tasks that challenges them in new, exciting ways that can create new ideas and innovation.
 
A hundred billion in the bank doesn't buy quality. Experienced employees give that.

It used to be that corporations hired people to do one job, day in and day out, for years. Those people could take permanent responsibility and keep things humming.

Now they lay off senior people, outsource support, and/or move employees around like they were exchangeable parts in a machine. Penny wise and pound foolish.

Laying off senior people can't be an excuse for this particular **** up. Every serious organization I've worked with has automated systems that handle all this behind the scenes. Devs request certs using a web interface - every issued cert's ops contacts/owners, its issue and expiry dates are recorded in a database and automated systems track the expiry dates using this database. The reminder notifications from the automated systems are aggressive - they even have an escalation chain if the ops contact doesn't act on them by acknowledging it and putting in a renewal request.

Beyond that I've seen some companies having URL monitors that catch a multitude of errors - one of them being cert expiration. That way if there is a slip up at first level at least it is discovered early and further user impact is avoided.

But yeah, to the greater point - automation, dumbed down interfaces and other technical advances are making experienced personnel unnecessary for many tasks. Some rejoice it as automation is more reliable and the reduction in need for experienced hands leads to lower cost IT. Others who are impacted by it of course aren't happy about it.
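
The inventory-driven expiry tracking with an escalation chain described in the post above, sketched as an added example that is not part of the original thread or any company's actual system. Host names, contacts, dates and reminder thresholds are constructed for illustration; the `not_after` strings use the format Python's `ssl.SSLSocket.getpeercert()` reports, so a URL monitor could feed the same check.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory: hosts, contacts and dates are made up for this example.
# "chain" is the escalation order; "renewal_requested" is the owner's acknowledgement.
INVENTORY = [
    {"host": "updates.example.com", "not_after": "May 25 12:00:00 2014 GMT",
     "chain": ["ops-oncall", "ops-lead", "it-director"], "renewal_requested": False},
    {"host": "store.example.com", "not_after": "Jun 20 12:00:00 2014 GMT",
     "chain": ["web-team", "web-lead", "it-director"], "renewal_requested": False},
    {"host": "mail.example.com", "not_after": "Jun 01 12:00:00 2014 GMT",
     "chain": ["mail-team", "mail-lead", "it-director"], "renewal_requested": True},
    {"host": "docs.example.com", "not_after": "Dec 31 12:00:00 2014 GMT",
     "chain": ["docs-team", "docs-lead", "it-director"], "renewal_requested": False},
]

# Assumed thresholds: (days remaining at or below which the tier fires,
# index of the highest contact in the chain to notify). Most urgent first.
TIERS = [(7, 2), (14, 1), (30, 0)]

def days_left(not_after, now):
    """Whole days until expiry; negative once the certificate has expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days

def escalate(record, now):
    """Return (status, contacts to notify) for one inventory record."""
    remaining = days_left(record["not_after"], now)
    if remaining < 0:
        # Already expired: notify the whole chain, acknowledged or not.
        return "EXPIRED", list(record["chain"])
    if record["renewal_requested"]:
        # Owner acted on the reminder, so escalation stops until expiry.
        return "RENEWAL_PENDING", []
    for threshold, level in TIERS:
        if remaining <= threshold:
            return f"DUE_IN_{remaining}_DAYS", record["chain"][: level + 1]
    return "OK", []

def report(inventory, now):
    """Map each host to its status and the contacts who should be reminded."""
    return {r["host"]: escalate(r, now) for r in inventory}

if __name__ == "__main__":
    for host, (status, notify) in report(INVENTORY, datetime.now(timezone.utc)).items():
        print(f"{host:22} {status:18} notify={notify}")
```
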
 
It is unfortunate, but I have come to accept that Apple is prone to lots of mistakes. Under Jobs these mistakes were limited, but now that Cook steers the ship, the waters are more hazardous.

I just love when people say things were better when Jobs was around because that's simply not true. I can give you a laundry list. Antenna gate. iPhone 4. Warped lids on the first 17" PowerBook. Cracking plastic on G4 cube. Outages when Dot Mac became MobileMe, which incidentally was a failure and Jobs had to have the system recoded and changed the name AGAIN to iCloud. I could go on....
iPod Nano scratching issue. OSX Lion....Nuff Said. OSX Leopard....Nuff Said.
I could go on.
 
This may be far fetched...

... but the timing is suspect.

I've just spent the whole day trying to get into my encrypted Time Machine backup which has suddenly decided that my user password (the same one I type dozens of times a day to get into my computer) is not the correct password.

Not only that, but the backup key isn't working either.

Could this be in any way related? There might be some phoning-home that isn't happening as a result.... maybe?
 
Isn't there at least one person, at Apple, whose job is to keep things like that up-to-date?


No. They are too busy getting along with each other and avoiding conflict. Holds innovation in check too ;)
 
Could this be in any way related? There might be some phoning-home that isn't happening as a result.... maybe?

It's possible that whatever server allows the use of the backup key also has an expired certificate. It's not "phoning home", per se.
 