Hackers with access to iTunes Connect can upload an App update which includes malicious code.

But as I said, worst case scenario right?

Not really a possible scenario in my opinion. I don't think the apps are stored where the portal site is or they would shut the App Store down.
 
Not really a possible scenario in my opinion. I don't think the apps are stored where the portal site is or they would shut the App Store down.

I don't think they could upload the App from the portal site, but the following:

* Obtain login details to Apple developer portal ( for example FB )
* Download provisioning profiles for the FB App
* Download the FB App from regular App Store
* Insert malicious code into FB App
* Re-sign using the previously stolen provisioning profiles
* Use same login details to log into iTunes Connect
* Submit the modified FB App

Possible? Perhaps, I'm definitely no expert. :)
 
I don't think they could upload the App from the portal site, but the following:

* Obtain login details to Apple developer portal ( for example FB )
* Download provisioning profiles for the FB App
* Download the FB App from regular App Store
* Insert malicious code into FB App
* Re-sign using the previously stolen provisioning profiles
* Use same login details to log into iTunes Connect
* Submit the modified FB App

Possible? Perhaps, I'm definitely no expert. :)

I think about 2 bullet points are possible, though unlikely. Submitting an app puts an app through an automated review process that finds various methods of unauthorized API use and unapproved OS access.

Then it needs approved through a manual process which includes the step to move it to the App Store repository which I'm pretty sure occurs outside the developer portal.

I'm thinking it's a hosed up release and effed up the DB. DBs are always a bitch to update but you never know. It could be a more serious issue with security. Just think Occam's razor suits this situation.
 
Just glad I'm not working on those servers. We all know what it's like when a release goes balls up. :p
 
I think about 2 bullet points are possible, though unlikely. Submitting an app puts an app through an automated review process that finds various methods of unauthorized API use and unapproved OS access.

Then it needs approved through a manual process which includes the step to move it to the App Store repository which I'm pretty sure occurs outside the developer portal.

I'm thinking it's a hosed up release and effed up the DB. DBs are always a bitch to update but you never know. It could be a more serious issue with security. Just think Occam's razor suits this situation.

I can tell just from reading your reply that you know more about this than I do :)
 
Heart starts racing, brow sweats, you go fast trying to fix and figure it out before anyone notices. And that's just for a site of 80 customers. LOL

----------

I can tell just from reading your reply that you know more about this than I do :)

Done a few releases in my day. Screwed up a few too. Not this bad though. Haha.
 
So they've taken down videos because of a security breach? I don't follow your logic.

Not taken down by choice, perhaps damaged beyond repair?... assuming this is indeed the work of crackers. And it's not just videos. It's nearly everything tied to the developer portal that we have no access to. Apparently many of these resources reside on the same servers, so an attack on one would affect the others as well.
 
The problem with Apple's infrastructure appears to be that they are not using well-established technologies. There are scalable, rock-solid solutions available, but it seems Apple does continue to eat their own dog food.

WebObjects in 2013 ...

I'm not even biased towards one, but there's

J2EE
Python
Ruby
Perl
Scala

If you employ the right people, all of the above can be used to offer load-balanced, reliable and fast internet services.

My guess is that all the components are so deeply entangled that nobody dared to try to go for a green-field approach and reimplement iTunes Connect for example.
 
Just curious...do Google and Amazon bring down websites for an extended period of time when performing maintenance?

That is irrelevant to my argument: You misunderstand what "the cloud" is (at least what the term "the cloud" is used for normally).

Nice spin, but the simple fact is that Apple is completely clueless with respect to maintaining native/web apps that access a large hosted dataset with basic ACID (http://en.wikipedia.org/wiki/ACID) properties.

It's no spin. I didn't state otherwise. I just said the developer member center is not what normally would be referred to as "the cloud" so the comment about Apple not getting "the cloud" (while true) has no bearing in this discussion.

I won't touch the rest of the reply, as it's doubly irrelevant and manages to pile even more of these memes (diluting, at the same time, the real damage Apple's misses may have in their larger objectives).
 
The problem with Apple's infrastructure appears to be that they are not using well-established technologies. There are scalable, rock-solid solutions available, but it seems Apple does continue to eat their own dog food.

WebObjects in 2013 ...

I'm not even biased towards one, but there's

J2EE
Python
Ruby
Perl
Scala

If you employ the right people, all of the above can be used to offer load-balanced, reliable and fast internet services.

My guess is that all the components are so deeply entangled that nobody dared to try to go for a green-field approach and reimplement iTunes Connect for example.

Speaking from experience, I can relate. Our company refuses to advance in technology because of the complexity and priorities. We are limited by budget and manpower though. Apple could probably hire 50 people to get it done in a few months to 6.
 
Jesus it's still down. Gotta be the longest complete outage we've had across ANY Apple service hasn't it?

Gotta be a major security problem for them to be taking this long, and to have gone to the trouble of having to put together a script to extend accounts too.

I know we likely won't ever hear what's happened (or rather, happening) but it must be something pretty bad.

I think it's safe to say we can rule out server, network and data corruption issues at this point. Security is really all I can see it being now, with it being down so long.

----------

Apple could probably hire 50 people to get it done in a few months to 6.

Sadly throwing more developers at a project usually had the complete opposite effect. Most of the time you're way better off with a small, controlled team than a medium to large team, where more issues can be introduced.

I can't imagine converting the entire iTunes Connect infrastructure can or will be a 'simple' task that's for sure. It'd have to be a case of replicating all the APIs needed, then building a new frontend to sit on top of the existing databases. Given that iTunes Connect is only part of the structure (don't forget music, videos, podcasts, AppleID tie in, iCloud tie in, etc) it's sadly never really going to happen.
 
I'm genuinely surprised they don't have backups, racks, anything to push out.

Probably surprised because you don't know this, as it's pure speculation.

Even more surprised by the lack of an official statement.

From "statement-happy Apple"? It's rare that Apple gives a statement on issues. Even rarer is that they do while the issue is happening.

I don't like it, but it sure doesn't surprise me.

Googled the topic, it has gained a lot of traffic, even on non tech related sites.

Not really. Not any "lot" of traffic in Internet terms (or in "Apple Doom Scenario" terms, considering the antenna and maps snowballs of doom).
 
Jesus it's still down. Gotta be the longest complete outage we've had across ANY Apple service hasn't it?

Gotta be a major security problem for them to be taking this long, and to have gone to the trouble of having to put together a script to extend accounts too.

I know we likely won't ever hear what's happened (or rather, happening) but it must be something pretty bad.

I think it's safe to say we can rule out server, network and data corruption issues at this point. Security is really all I can see it being now, with it being down so long.

----------



Sadly throwing more developers at a project usually had the complete opposite effect. Most of the time you're way better off with a small, controlled team than a medium to large team, where more issues can be introduced.

I can't imagine converting the entire iTunes Connect infrastructure can or will be a 'simple' task that's for sure. It'd have to be a case of replicating all the APIs needed, then building a new frontend to sit on top of the existing databases. Given that iTunes Connect is only part of the structure (don't forget music, videos, podcasts, AppleID tie in, iCloud tie in, etc) it's sadly never really going to happen.

Yeah, you're probably right. How about 10 devs then? I was just saying for effect.
 
The lack of any Apple statement is alarming. With how Tim Cook addressed the maps issue, I'd expect him to be a little more proactive to communicate.

Tim Cook made a statement about the maps issue within 2 days of it becoming news?

Why expect him to be more proactive than that? (which is already tons more than Apple in the past).

I'm as frustrated as everyone here, but some of the assumptions and theories being thrown are plain ridiculous, in view of Apple's history. Come on.
 
No update in the world would screw up a service like this.

If we run a major update that involves data migration, we migrate each user to new databases and the application level checks at login if a user has been migrated. If not, they can still use the old interfaces until they are picked up by our migration scripts.

My guess is they need to investigate the possible attack vectors of a security breach, need to estimate the amount of compromised data and decide what data can still be trusted.

Taking down a platform for that long indicates a major flaw in security.
Redundancy can be achieved quite easily, especially when you literally own your data centers.

I'm really looking forward to a statement from Apple.
This has to be huge.
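
The per-user migration described in the post above, sketched as an added example (not part of the original post and not the poster's or Apple's code); the SQLite schema, the sample users and all function names are hypothetical:

```python
import sqlite3

def make_stores():
    """Constructed sample data: a legacy store and an empty new store."""
    old = sqlite3.connect(":memory:")
    new = sqlite3.connect(":memory:")
    old.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
                "migrated INTEGER DEFAULT 0)")
    new.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, display_name TEXT)")
    old.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                    [(1, "alice"), (2, "bob"), (3, "carol")])
    old.commit()
    return old, new

def migrate_user(old, new, user_id):
    """Copy one user to the new store, then flip the flag. Safe to retry."""
    row = old.execute("SELECT name, migrated FROM users WHERE id = ?",
                      (user_id,)).fetchone()
    if row is None:
        raise KeyError(user_id)
    name, migrated = row
    if migrated:
        return False  # already moved, nothing to do
    # Write the new record first. If the process dies before the flag flips,
    # the user is still served from the old store and a retry overwrites this row.
    new.execute("INSERT OR REPLACE INTO accounts (id, display_name) VALUES (?, ?)",
                (user_id, name))
    new.commit()
    old.execute("UPDATE users SET migrated = 1 WHERE id = ?", (user_id,))
    old.commit()
    return True

def login(old, new, user_id):
    """Application-level check at login: route to whichever store owns the user."""
    row = old.execute("SELECT name, migrated FROM users WHERE id = ?",
                      (user_id,)).fetchone()
    if row is None:
        return None
    name, migrated = row
    if migrated:
        rec = new.execute("SELECT display_name FROM accounts WHERE id = ?",
                          (user_id,)).fetchone()
        return ("new", rec[0])
    return ("old", name)

def run_batch(old, new, limit):
    """Migration script: pick up at most `limit` users not yet migrated."""
    ids = [r[0] for r in old.execute(
        "SELECT id FROM users WHERE migrated = 0 ORDER BY id LIMIT ?", (limit,))]
    return [i for i in ids if migrate_user(old, new, i)]
```
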
 
I don't think they could upload the App from the portal site, but the following:

* Obtain login details to Apple developer portal ( for example FB )
* Download provisioning profiles for the FB App
* Download the FB App from regular App Store
* Insert malicious code into FB App
* Re-sign using the previously stolen provisioning profiles
* Use same login details to log into iTunes Connect
* Submit the modified FB App

Possible? Perhaps, I'm definitely no expert. :)

No. You're not. Please, stop.

What you've outlined, while ludicrous, doesn't really pose any risks.

Assuming the app is submitted (at which point the real FB devs get a message, at least a week before it's approved) and it's approved (at which point the real FB devs get a message as well) then it needs to be downloaded before it can be disabled.

The FB devs can disable the version *immediately*, at any point.

So, "worst case scenario", it's unlikely even one iOS device gets to be "infected", let alone "millions".
 
Apple's Developer Center Experiences Daylong Outage

Tim Cook made a statement about the maps issue within 2 days of it becoming news?

Why expect him to be more proactive than that? (which is already tons more than Apple in the past).

I'm as frustrated as everyone here, but some of the assumptions and theories being thrown are plain ridiculous, in view of Apple's history. Come on.

This isn't maps where the issue was a slow tide of negative press. This is a major outage affecting their developer program overall which is money lost to the members. Powerful players involved in the program and I'm sure they are hearing it from them as well as thousands of small devs such as myself.

A simple statement from them for such an outage is appropriate.
 
Apple Bug Reporter is still up.

Has anyone bugged "Entire Apple developer site got kicked in the balls" yet?

One possible explanation for the silence from Apple so far is that they themselves don't quite know what is wrong yet, and are still investigating. Still would be nice to hear something, even if it's just "There's an issue and we're checking it out as fast as we can, thank you for your patience."
 
It could be worse than just the Facebook app.

It could be iOS 7 itself and the Mountain Lion 10.8.5 build 12f23 both of which I got from the dev centers. Maybe someone corrupted them with malicious code.
 
The problem with Apple's infrastructure appears to be that they are not using well-established technologies.

WebObjects not well-established? You have GOT to be kidding. It may be many things, a lot of them negative. Not being well-established is far from one of them.

There are scalable, rock-solid solutions available,

Yes, there are. None of what you listed is one, though. What you're listing is equivalent to Java, which is what WebObjects is built on top of.

Just to show you how clueless this comment is(*) WebObjects uses, as one of its back ends, JEE, which in reality is J2EE before it was renamed.

(*)Actually, the argument itself is not clueless. But saying the right thing out of ignorance doesn't count as being right. WebObjects is indeed a framework that feels outdated and Apple doesn't want to change it even though it should. But the arguments and options in this post make no sense.

but it seems Apple does continue to eat their own dog food.

This is usually a point of praise for any company. It's what Facebook, Google and Amazon do. How can you state it as a bad thing? The problem here is not dogfooding. It's having inappropriate food to begin with.

WebObjects in 2013 ...

It's perfectly feasible, as long as the service doesn't need more. The Web Store uses it and it's perfectly suited even nowadays.

I'm not even biased towards one, but there's

From your suggestions below, you couldn't be biased because you obviously have no clue what you're talking about.

I'm sorry to be blunt here, but you're listing programming languages and frameworks (one of which is even used in WebObjects) and saying they're better than a whole web application and service suite.

Not only that, but all of your "options" below are older than the current version of WebObjects. This becomes obvious when the cluelessness of listing languages instead of platforms is cleared.

If you employ the right people, all of the above can be used to offer load-balanced, reliable and fast internet services.

Apple's problem is not either load-balancing, reliability or speed. It's design and expectations in a modern age. Apple's services for the most part work like services from the late 90s and early 00s, which is not unacceptable. None of this is related to the language they use.

My guess is that all the components are so deeply entangled that nobody dared to try to go for a green-field approach and reimplement iTunes Connect for example.

This is the only sensible thing you've written, really.

Of course, if they ever decide to modernise their services, they can still make them unreliable and badly with all the languages you listed, just as they can make them reliable using Java or with a new version of WebObjects that addresses its shortcomings. The problem is that at this stage either direction is a huge project they have yet to decide it's worth their time (this outage may be a tipping point there).

----------

This isn't maps where the issue was a slow tide of negative press. This is a major outage affecting their developer program overall which is money lost to the members. Powerful players involved in the program and I'm sure they are hearing it from them as well as thousands of small devs such as myself.

A simple statement from them for such an outage is appropriate.

This is a minor outage, being experienced only by developers. A note in the member center explaining it might happen, but I guess most we'll see is a note saying that due to the recent outage people's accounts are extended.

People in this thread getting worked up about it has no parallel in the "real" world. This is not a major anything, in the larger picture. Apple makes a statement only in issues where the perception of the majority is being affected. This is not one of those.

Only people affected are people trying to access these days for some reason. We can't know how many people this is but you can rest assured that Apple will make a public statement only if this reaches major news coverage. Other than that? We'd be lucky to get a note in the member center. For the members.

----------

It could be worse than just the Facebook app.

It could be iOS 7 itself and the Mountain Lion 10.8.5 build 12f23 both of which I got from the dev centers. Maybe someone corrupted them with malicious code.

This is what would be qualified as "negligible effect".

Not that it matters, as here we're treading solidly in "things that wouldn't have any effect in the member center being down"

----------

Apple Bug Reporter is still up.

Has anyone bugged "Entire Apple developer site got kicked in the balls" yet?

Yup. From other forums, it's even become a sort of joke. I gather there's several dozens of these reports by now.
 
Assuming the app is submitted (at which point the real FB devs get a message, at least a week before it's approved) and it's approved (at which point the real FB devs get a message as well) then it needs to be downloaded before it can be disabled.

The FB devs can disable the version *immediately*, at any point.

So, "worst case scenario", it's unlikely even one iOS device gets to be "infected", let alone "millions".

I'm not 100% sure you are correct. If I had your apple developer login and waited until you submit an App Update, I can then log in to iTunes Connect, reject your binary and immediately upload another in its place.

I've done this quite a few times in the past (rejecting binaries that is, not logging into your account ;) ), and I am fairly sure there is no email notification sent out when that happens.

I'm not willing to bet my house on it though, but I did just search my inbox and couldn't find any such email from the past 4 years.
 
I'm not 100% sure you are correct. If I had your apple developer login and waited until you submit an App Update, I can then log in to iTunes Connect, reject your binary and immediately upload another in its place.

I've done this quite a few times in the past (rejecting binaries that is, not logging into your account ;) ), and I am fairly sure there is no email notification sent out when that happens.

I'm not willing to bet my house on it though, but I did just search my inbox and couldn't find any such email from the past 4 years.

I'd also be notified of such an event via email, that it was "developer rejected".
 