Two words: Adobe Flash.

Still live in the pre-internet era? Just look at the Transmission 2.92 incident, the much beloved pirating software, being hijacked by OSX/Keydnap malware. And look at the iOS/WireLurker incident, the first widely spread iOS malware, spreading across devices by abusing Enterprise Provision Certificate.

If you haven't noticed that: people don't buy software installers on a disc anymore. Nowadays it has been an obligation for software developers to keep updating their software to prevent their customers from the threat of cyber-attacks. A system-wide certificate system is certainly not a welcomed method but there are no better alternatives, if you need to stop unidentified software being installed, and force invalidating already installed malicious software on all infected computers at once.

Not everybody is capable of calculating an MD5 file hash. And not every software developer is so responsive to implement some kind of auto-patching mechanism and update their software on time. Remember those two words in the beginning of this post?

I think perhaps you need to learn the difference between a REVOKED security certificate and an EXPIRED one. There's also the matter of someone like Apple taking control of my computer rather than just warning me. In other words, if I want to run WindowsXP for some reason (e.g. to run an old game or because I only use it for old games and never 'upgraded' to a newer OS for that reason) it should be up to ME if I want to run it, security risks and all, not someone like Microsoft. I even have Windows98 available in VMWare Fusion. These are essentially sand-boxed into a virtual drive with no outside access. But if Microsoft simply takes the stance they are a security risk and force shuts them all down, how do you think the general populace would react? It's MY computer. They need to stay the frack off it without my permission. Even Firefox can be overridden for security risks for older Flash versions.

As for Transmission, older versions weren't trojans. The whole web site was hijacked as I recall. The point is your example is null and void because the old versions were still fine. If anything, Transmission needed better internal security checks before updating (and another good reason to not update something the day it comes out if for unknown bugs if nothing else). The point is these should be and need to be USER decisions, not corporate decisions. If you want to set your Mac to "Only Do What Apple Wants" in Gatekeeper, be my guest. Them taking the option away from me in Sierra (except from the shell) to take control of my own security is 100% BS. Apple is not on the hook for my decisions in any case.

Flash is not a good example because they already give you the OPTION of auto-updating, being notified or leaving it up to you. That is how it should be in my opinion.

Besides, not all software is an Internet player. Many non-net games don't access the Internet period or update themselves. That wouldn't stop this Apple bug from affecting them too regardless.
 
People are funny, talking about what if the dev dies or something... I mean the last thing he would care about on his deathbed is how users will react about his SW not being upgraded / not working anymore :p.

Hey what if earth implodes?? I won't be able to play flappy bird!!!! Damn mother nature how dare you make me stop playing .....
 
Very, very poor show from the developers. No excuse for their laziness/lack of awareness.

The developers are just trying to be nice about this. It's a bug in macOS and not their fault.

Provisioning profiles expire all the time. It should make no difference to an already signed app.
 
People are funny, talking about what if the dev dies or something... I mean the last thing he would care about on his deathbed is how users will react about his SW not being upgraded / not working anymore :p.

Hey what if earth implodes?? I won't be able to play flappy bird!!!! Damn mother nature how dare you make me stop playing .....

You're right. The developer WON'T CARE if he dies or a corporation goes under, etc. But I the consumer using their software that suddenly stops working WILL CARE if I want to use the existing version!

In other words for those that don't seem to get it, this isn't about developers! It's about the users of the software not being able to run their programs anymore and that is ultimately Apple's fault! (face palm)
 
Couldn't one just "allow apps from anywhere" thus bypassing the need of a valid certificate? At least for emergency purposes, if the developer is snoozing.

Ctrl-Click the app and choose "Open"; there's a dialog, and then press the "Open" button.
 
People are funny, talking about what if the dev dies or something....

Yes, let's ignore all the rational discussion here, all the other reasons why a developer might go out of business or cease updating the software (or, as here, just allow a certificate to expire because there was no rational reason why this should have affected users), and focus on one poster's over-the-top comment.

Hey what if earth implodes?? I won't be able to play flappy bird!!!! Damn mother nature how dare you make me stop playing .....

You may only use your computer for playing flappy bird. Other people use them for more important things (and I don't mean Minecraft!)
Nowadays it has been an obligation for software developers to keep updating their software to prevent their customers from the threat of cyber-attacks.

None of which is relevant here. Application signing is there to ensure that the application hasn't been modified since it was tested & signed. It offers no guarantee against bugs and vulnerabilities. It is not supposed to give software an "expiry date".

(a) the certificates were EXPIRED, not REVOKED. As long as an application was signed before the certificate expired there is no issue if the certificate has since expired. To refuse to run in those circumstances is either a bug or defective by design.
(b) If there is a security issue with an application then it should fail gracefully, give a meaningful message, and respect the system preferences regarding the running of unsigned applications. If it just crashes with an unhelpful message then that is a bug - maybe some blame attaches to the developer, but if the OS behaviour changed without adequate notification then that one is still on Apple.
(c) If the failure is associated with access to an optional service, like iCloud, for which there may be a relevant security issue, then both the OS and the application should be capable of running without that service. If that doesn't happen then it is bad design by either Apple, the developer, or both.
(d) If Apple believe that all software should be defective by design and have an "expiry date" after which it must be updated or die, then this should be openly and transparently made known to both users and developers (so we can all switch to Linux) not introduced by the back door (possibly unintentionally).
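
Point (a) above, as an added example that is not part of the original post and is not Apple's implementation: a simplified model of two verification policies, one that checks the certificate against the current time and one that checks it against a trusted signing time. All class names, function names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class SigningCert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None means never revoked


@dataclass(frozen=True)
class Signature:
    cert: SigningCert
    # Signing time attested by a trusted timestamp; None if the signature has none.
    trusted_signing_time: Optional[datetime] = None


def _revoked(cert: SigningCert, now: datetime) -> bool:
    return cert.revoked_at is not None and cert.revoked_at <= now


def check_at_current_time(sig: Signature, now: datetime) -> str:
    """Policy that turns certificate expiry into an expiry date for the app."""
    if _revoked(sig.cert, now):
        return "reject: revoked"
    if not (sig.cert.not_before <= now <= sig.cert.not_after):
        return "reject: outside validity period"
    return "accept"


def check_at_signing_time(sig: Signature, now: datetime) -> str:
    """Policy from point (a): expiry after signing does not matter."""
    if _revoked(sig.cert, now):
        return "reject: revoked"
    # Assumption of this model: without a trusted timestamp the signing time
    # is unknown, so the certificate is evaluated at the current time.
    when = sig.trusted_signing_time or now
    if not (sig.cert.not_before <= when <= sig.cert.not_after):
        return "reject: outside validity period"
    return "accept"


def day(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data (not from the thread).
CERT = SigningCert(day(2020, 1, 1), day(2021, 1, 1))
SIGNED = Signature(CERT, trusted_signing_time=day(2020, 6, 1))
NOW = day(2021, 3, 1)  # two months after the certificate expired
```

With the sample data, the first policy rejects an app that was validly signed, while the second accepts it and still rejects a revoked certificate.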
 
Yes, let's ignore all the rational discussion here, all the other reasons why a developer might go out of business or cease updating the software (or, as here, just allow a certificate to expire because there was no rational reason why this should have affected users), and focus on one poster's over-the-top comment.

I see you did not ignore me..... so why should I ignore another poster?
And if another reason prompts the developer to go out of business do you think he will care about the user base? (he is going out of business...that's his priority!)

Should it affect the user ....maybe not, will it? Yes, I paid for lots of apps that thanks to Apple / Developer not updating them are useless, but you don't hear me b about it!

Show must go on, next please!

You may only use your computer for playing flappy bird. Other people use them for more important things (and I don't mean Minecraft!)
Ahh the good old "gentle" insult.... yep not falling for that :D p.s. I was making a joke...
 
What is disappointing from 1password is their silence. As a customer I have not received anything from them telling there is a problem and the workaround. You have to search the Internet. I thought a quick email to the customers saying, go to our web site and do this. That would have been more appropriate. I am sure many people that don't look or search are scratching their heads wondering why it is not working.
 
You're right. The developer WON'T CARE if he dies or a corporation goes under, etc. But I the consumer using their software that suddenly stops working WILL CARE if I want to use the existing version!

In other words for those that don't seem to get it, this isn't about developers! It's about the users of the software not being able to run their programs anymore and that is ultimately Apple's fault! (face palm)
It is baffling that so many people don't get this.
 
What is disappointing from 1password is their silence. As a customer I have not received anything from them telling there is a problem and the workaround. You have to search the Internet. I thought a quick email to the customers saying, go to our web site and do this. That would have been more appropriate. I am sure many people that don't look or search are scratching their heads wondering why it is not working.

Hi there. I work for AgileBits, makers of 1Password.

There are two situations:

1. Users who have the broken version still running. This will continue to run and an automatic update will eventually appear.

That window includes a link to the instructions on how to update. This automatic update is delayed by something like 30-60 seconds so it doesn't get in the way of you typing in your master password. However, every user will eventually see the automatic update window which will fail unless they manually update. The update window has red lettering to draw attention to it.

2. Users who cannot update with the updater because the app is not running (say after a restart of their computer) will not get any warning at this time. They will however encounter trouble and we hope that many will find their way to our support page. This is also part of the reason why people like myself are out here looking for users who are specifically encountering trouble. In an attempt to reach as many people as we can.

We haven't been silent about it though:

* We've posted a blog post about it
* Mentioned it on all of our social media (Facebook, Twitter)
* It's at the top of our support page
* Stickied on our support forums
* Bolded and red lettered in the update window (for those that can still get to it)
* News sites like MacRumors have picked up on it

Unfortunately notifying all users is difficult. We don't have contact information for all of our users. And many of those users have not opted into being notified via newsletter or similar from us. I wish it were as easy as just pressing a few buttons to contact everyone but that's simply not the case.

We're doing our very best to reach out to users. We will probably mention this in our next newsletter as well, though I don't know when that might go out. We're trying to not also flood ourselves with support. It doesn't help to have thousands of people looking for help at the same time and then we can't reply to everyone. It's a tricky situation and we have to try to be smart about how we help our users in this situation.

I'm sorry you feel we are being silent but I assure you we aren't. If you have suggestions for how we could better handle this I'm open ears.

Edit: I added links to each of the places I can publicly link to for where we've been notifying users.
 
I'm sorry you feel we are being silent but I assure you we aren't. If you have suggestions for how we could better handle this I'm open ears.

As a customer every so often I get an email from Dave. So you do have a database of customers. That would have been a head start to send the information. In my case, as the same as all the customers that had the problem was to start to search on the internet. You are still waiting for customers to be proactive and searching. Rather than reaching out in your database to contact people.

We will probably mention this in our next newsletter as well,

I am glad you 'probably' mention in your next newsletter. Why aren't you reaching out to the customers now? Mistakes happen but it is how you respond to mistakes that shows how you treat customers.
 
As a customer every so often I get an email from Dave. So you do have a database of customers. That would have been a head start to send the information. In my case, as the same as all the customers that had the problem was to start to search on the internet. You are still waiting for customers to be proactive and searching. Rather than reaching out in your database to contact people.



I am glad you 'probably' mention in your next newsletter. Why aren't you reaching out to the customers now? Mistakes happen but it is how you respond to mistakes that shows how you treat customers.

I'm glad you get the emails from Dave. Did you know that you opted into that by signing up? Not every user of ours has signed up for the newsletters. This is what I meant in the previous reply to you that we don't have a way to contact all of our users.

In addition to that, there are rules regarding spam that various newsletter sending companies, and email hosts, have to follow. We can't just email all of our users, only those who have signed up to receive emails from us. When we're talking about millions of users there's a lot of room for us to be reported for spam and losing our ability to send users newsletter emails. It's something we have to be aware of. Also keep in mind that users in this newsletter group may not even be Mac users or they may have purchased from the Mac App Store, which means they'd be getting emails about things that do not impact them.

Our newsletters are also sent quarterly, out of respect for our users so as to not abuse their willingness to receive information from us. We're trying to be good people and not abusing the relationship we have with our users. This is not to say that our users don't want to know about this issue, but standing by our quarterly email promise, this is part of the equation that we have to consider. If we break this promise what does that say? You can argue it may be for their own good that we reach out, but that also has a negative impact.

The other part is that we can very easily make things worse for our users, and ourselves. We currently have a pretty large backlog of customers waiting for help. This is going to take days to catch up on at the very least. If we sent a newsletter today the new users who write in will have to wait several days to get a response. This doesn't seem like a great experience for our users. Perhaps less pleasant than 1Password not working for them, but combined with the above, we just need to be mindful of all the different issues that can present themselves.

It's clear you're not happy with our response to this. I'm sorry you feel that way, I really do. I want nothing more than to help all of our users, but it's quite different being on our side of the fence and trying to keep things manageable both for our own good and for our users. Nothing hurts me more than seeing upset customers. We're all very aware that the reason we get to do what we do is because users like yourself have purchased 1Password. If not for that I wouldn't be able to do what I love. But there is often a lot more at play than what you might see on the surface.

Sorry again for the trouble. Right now I think we are doing the right thing, admittedly I have information that isn't available to you so it may not seem like it from your perspective. Hopefully we can share some of this information in the technical post mortem blog post that explains the details on what happened.
 
Hi all,

Just wanted to mention that we have posted our follow-up blog post that includes some additional technical details that may be of interest:

https://blog.agilebits.com/2017/02/...files-and-expiration-dates-the-perfect-storm/

If anyone has questions I'm happy to take a shot at getting you answers. But replying to the blog post might be the best bet as we are actively monitoring that. If you don't see your comment on the blog post, don't worry, we have fairly strict spam filtering there so it may have gotten caught; it'll be approved and replied to with each review we do on the comments.

Again, to anyone impacted we're really sorry. If you're still having difficulty please reach out and I'll get you up and running again.
 