Source: eclecticlight.co --- Sunday, October 08, 2017
We get few glimpses inside Apple. I think I’m more familiar with the lift buttons in its new campus than I am with how macOS engineering works. Perhaps that is just as well, because last week has given two disturbing insights into the nature of the beast. The first was, of course, the very mundane bug discovered by Matheus Mariano , in which High Sierra’s shiny new Disk Utility stored the plaintext password in place of a password hint. It’s mundane because it is the sort of bug which is very common when coding. Daniel Martin (@dmartincy) tweeted his dissassembly of the code from StorageKit, confirming our suspicions that the bug arose because the engineer writing the code had simply used the wrong variable. In the dropdown sheet for password entry, verification, and provision of the password hint, the code stored the password in place of the hint in the dictionary containing values obtained from the sheet. Martin ascribed this to a copy/paste error, which is possible, but I think that it is more likely to have arisen through Xcode’s autocomplete feature. When you type in text in Xcode, it automatically suggests autocompletions, which can be very helpful and a great aid to productivity. Let’s imagine for the moment that the password string variable was named aNewPasswordStr , and the hint string was named aNewPasswordHintStr . The engineer starts typing the characters aNewP , and Xcode pops up a long list of possibilities, with t ...
from Apple http://ift.tt/2y8B0z5
No comments:
Post a Comment