Security Train Wreck Confirms Apple’s Crapification

Yves here. Historically, one of the reasons for owning a Mac was that the Apple OS was far more secure than Microsoft’s. Microsoft had lost control of its kernel, making it vulnerable to viruses and hacks, while OSX was a proprietary version of Unix, which was rugged and more attack-resistant.

The Apple OS has gotten worse and worse with every supposed upgrade as Apple has tried to make the desktop OS integrate into its phones, which simply serves to make those machines more kludgey. I was inconceivably at least as memory constrained with 16 GB of RAM on my new-ish laptop shortly after I got it in 2016 than I was on my aged MacBook Air running a seriously out of date version of the OS with a mere 4 GB of RAM. That’s a disgrace.

Apple’s stunning security breach is yet another warning to users. Apple has gotten away with this nonsense because the Windows OS is still more cumbersome and requires more tech tinkering and Linux boxes require that users become technically proficient, when most computer owners just want tools that work, and don’t want to have to fool around under the hood. But another incident like this, and even the geekery-averse will have to think seriously about abandoning Apple.

By Michael Olenick, a research fellow at INSEAD

In an epic security meltdown last week, Apple handed the keys to anybody who could get a few seconds of physical access to a logged-in Mac regardless of what security level the logged-in person had. This also allowed ordinary users to bypass any enterprise restrictions.

First, some background. All operating systems have a hierarchal system of user security. Mac OS is a Unix variant, originally built from BSD. Like all Unix variants the top-level user, which has access to everything, is called “root.” Even people with administrative rights have fewer privileges because root is so powerful it is easy to accidentally destroy one’s computer. System administrators and computer programs sometimes need root level access and, when required, they invoke it for a short amount of time. A hacker’s holy grail is root access.

Apple allowed anybody who could touch a Mac that was logged in to gain root access and, later, invisibly control the Mac indefinitely. Our hacker would first go to System Preferences, click Users & Groups, and create a new administrative user. Then they’d click back one level and enable remote login. After the 5-10 seconds this would take they’d skedaddle, doing the rest of their work at their leisure.

Remotely, the hacker would download the contents of a hard drive or install a key logger to capture username/password combinations for more secure systems. They could add other programs making it impossible to get rid of them without reinstalling everything. They could use the microphone to eavesdrop. If the user had access to other systems the hacker might be able to quietly take control of those too through private keys stored on their computer. Only strong two-factor authentication on remote machines or, say, bank accounts would prevent a complete takeover, assuming it is enabled.

To gain root and create their user the hacker, when prompted for a password, would type root and leave the password blank. This wouldn’t work and they’d try again; the second time would work. That’s the vulnerability Apple somehow missed.

I tried this on three separate Macs and it worked. One report said it could take up to seven tries for the root/blank password trick to work. Maybe, but it always worked on the second try for me.

How obvious is the ability to change a computer with this exploit? My eleven-year-old daughter used it to remove all parental controls from her own login. She’s a smart brat kid – this made me realize she’s outgrown the need for parental controls – but also illustrates that a master’s degree in isn’t required to dream up exploits for this bug.

To their credit Apple rolled out a patch that fixed the bug about 18 hours after it was discovered. Except they later rolled out an update to the operating system and restored the bug. The original fix didn’t work a second time so Apple eventually remotely fixed all the Macs (theoretically). Of course, if a hacker created a phantom user and took control remotely the patches would not undo the fake user.

Before a well-deserved harangue about quality control, or lack thereof, I’d urge all Mac users to 1) click on the Apple menu, 2) choose Users & Groups, and 3) see if there is anybody there they do not recognize (and, if so, call Apple: your computer is hopelessly and compromised without a system wipe). If you do not have a compelling need to log in to your Mac remotely disable it: Apple menu -> Sharing -> unclick Remote Login (actually, unclick everything unless you’re sure you know why it’s clicked). To make sure the bug is patched click the lock on the user screen and replace the username with root but leave the password blank. Then try to click OK a few times. If the key eventually opens go to the Mac app store and update your Mac immediately.

Now, the harangue.

Apple – seriously?! Since the untimely death of Steve Jobs the company has been off their game. It’s not only this boneheaded move: despite a quarter-trillion dollars in the bank Apple has repeatedly failed to do anything interesting in about five years.

Maybe they’re waiting to repatriate money from Europe. Snooze. They could have purchased a European car company, no repatriation required, and had an Apple electric car on the streets by now. Tell Carl Icahn to piss off – Jobs would have – and knock it off with the stock buybacks: they’re pure waste. Apologize to employees for the oversight and build a daycare in the new $5 billion headquarters (Jobs probably wouldn’t have, but whatever). It can be a collection of low-rise buildings in the park in the center of the spaceship, a reminder about the importance of playfulness and magic. Start from scratch with an Apple watch that’s more like a customized wristband. Recognize that the sticks darting from the earbuds look ridiculous. Catch up by adding OLED’s to all iThings. Reassure the desktop group they still matter but that they have to wake up and try harder. Add touch to Mac OS and make an iMac with a pivoting stand like the Surface.

The root security bug is an obvious severe process failure but I think the flaw runs a lot deeper: Apple management just doesn’t seem to care anymore. The company lacks a passion that once fueled users even in the darkest days. Every senior person is insanely rich and just doesn’t seem to give a shit. The money might explain things but every senior person at Google, Facebook, Amazon, and Netflix is also ridiculously wealthy and they still seem to care. Even Microsoft management seems to be waking up: their Surface Studio computer is genuinely cool.

Lower level employees are friendly and competent. When the High Sierra upgrade destroyed a colleague’s computer Apple employees spent hours patiently talking to and texting her; they eventually restored it. Contrast that to Dell: family members bought my daughter a new Dell as a present from the US. It intermittently will not turn on and has been a brick for weeks. Nobody has been able to resolve the problem and Dell customer service is abysmal. But just because competitor computer makers are godawful doesn’t mean you have to be too. Besides, it makes better business sense to not nuke a computer with an update in the first place rather than providing friendly and helpful employees to spend hours restoring it.

There are countless articles comparing Apple CEO Tim Cook to former Microsoft CEO Steve Ballmer, who succeeded Bill Gates. Ballmer, like Cook, raised revenue but sat idly by while Microsoft was clobbered in search, mobile, social, cloud, and virtually every other new tech development during his tenure. Now we’re watching Cook languish. I can’t tell Siri “next song” (well, I can but it doesn’t understand). iCloud is awful. The iPhone X looks suspiciously like a Samsung Galaxy from a few years ago. And, oh yeah, my eleven-year-old rooted the family Mac in seconds.

Print Friendly, PDF & Email


    1. Christopher Dale Rogers

      Siri to Darn,

      Brexit would never have happened had the EU elite, in pursuit of its monetary union ideals, not adopted monetarist neoliberal principles, that by their very definition promote austerity, which hardly puts the people first, rather, its puts its monetary pipe dream first with tragic consequences for far too many – this has been going on since the early 80s and was put on steroids by Delors.

  1. Disturbed Voter

    It is necessary, for the modern version of wiretapping, for every digital device to be breakable by security forces. And our security forces aren’t the sharpest crayons in the box, when it comes to technology. So it has to be not too difficult to use.

    This is true of every commercial digital system. This is why China and Russia are so unhappy with American digital products (until we shared the security services back doors with them). Now any government can spy on any citizen, anywhere.

    The alternative was to limit civilians to rotary phones and slide rules. So being an attack piece on Apple this is not, it is simple security policy. Ever since wire taps were allowed on phones … or the operator or neighbor listening into your party line …

    1. nonsense factory

      One of the more blatant aspects of this involves random number generation. Cryptography uses random number generators installed in computers to generate secret keys for security purposes, allowing online banking and so on. However, it is widely alleged that NSA and other agencies have placed backdoors in the cryptography systems used (RSA). The linked article explains the details, but ultimately this is due to the flawed nature of the random number generators installed in computers.

      Now, there are true, non-predictable random number generators available, based on physical processes like radioactive decay, a simple technology found in every smoke detector. All computers could have a tiny true random number generator installed internally to aid in the generation of unpredictable random numbers, making cryptography much more secure. But, as far as I know, none do – all have some algorithm-based approach, so the random numbers generated are merely ‘pseudorandom’ and can thus be predicted. As the article linked to notes:

      It’s absolutely essential to have an unpredictable source of random numbers in secure systems that rely on them. This includes SSL/TLS, the fundamental security layer of the Internet where session keys are generated using random numbers. If you design a random number generator that allows you to predict the output and convince someone to use it, you can break their system.

      So, why aren’t all computers fitted with true RNGs? Nobody seems to know.

      1. Disturbed Voter

        All encryption should be pseudo … so that the government can get in, but no other third party. By using public wires or airwaves, you have given implied consent. This way you are legit, but safe from non-state actors. So it is essential for all legitimate private parties, to use state approved devices. In the case of Blackberry … they were pressured by India to reveal their corporate back-doors so that the Indian government could wiretap as necessary. But when people realized this, the market for Blackberry collapsed, because its false reputation was destroyed. Apple iPhone, Google Android etc were compromised at the design stage.

        1. nonsense factory

          I hope you’re being sarcastic? Because the ‘official state governments’ seem to have a habit of letting their tools run out into the wild all the time, so that criminal groups end up getting their hands on them. Big Brother is often corrupt and incompetent, and everyone ends up paying the price.

  2. William Zeitler

    This only confirms my decision a few months back to abandon Mac as my primary work OS and switch to Linux. (I abandoned Windows as my primary work OS years ago with Windows 8). Linux has come a long ways. Everything has its tradeoffs, but I’ll get over not having the latest dancing kitten applet in exchange for a machine that is stable and secure. As for the occasional app that is only available on Windows or Mac: I have a virtual machine (from VMWare) on my Linux laptop with Windows installed in it, so I can fire up Windows when needed. Ha ha Windows safely isolated in a Linux play pen! Windows and Mac definitely need adult supervision.

    1. PKMKII

      The problem with Linux as an answer is that you’re essentially telling the people with little to no technical expertise in such things, sorry suckers. A lot of users wouldn’t, even with handholding, be able to get Linux installed on their machines, let alone be able to transition from the Windows or Mac OS environment. Secure computer access shouldn’t be a privileged for the nerd-elite.

      1. Grumpy Engineer

        I would agree that many computer users would find a Linux install too intimidating (even if it’s not that bad in practice), but there is a solution for that: Ask a friend!! I’ve helped four people install Linux, and all have been satisfied. The install itself takes less than an hour. If you don’t know which of your friends knows Linux, ask on Facebook.

      2. False Solace

        It’s really not much worse than burning a CD, booting from it, and clicking Next, Next, Next until it’s installed. If you’re unable to do that much on your own, ask your 11 year old.

        1. PKMKII

          Assuming an eleven year old is available. I use the Mother-In-Law Standard, in which I ask myself, “Could my Mother-In-Law do this?” If the answer is no, then I treat whatever technological solution being offered as a gated, limited one.

          1. Tom G.

            While I will agree that your average mother-in-law probably can’t install Linux, she doesn’t have much better odds of successfully installing Microsoft Windows if needed.

            To me, the biggest difference between Microsoft Windows and Linux right now is that it’s easier to find someone who you can pay to solve your Microsoft Windows problems than it is to find someone who can do that for a system running Linux.

            1. Denise

              Hmm, Windows has come pre-installed on the last few computers I have purchased, and even the upgrades have been automatic (sometimes annoyingly so). I have installed Windows once or twice in the last few years, but that was only because I was doing distinctly non-mother-in-law stuff. Getting a new windows machine is pretty painless these days.

      3. saurabh

        People need to stop insisting they can solve their problems without any effort on their part.

        Americans did well in WWII because mechanical knowledge was so widespread. That generation, coming out of the Depression, was capable of, and took pride in, their aptitude with a wrench and their ability to rebuild a car engine themselves.

        Now we can’t even follow a simple tutorial and click a few buttons? I think not. We all need these skills; hold your own hand and get it done.

        1. Yves Smith Post author

          This is ludicrous. In a world of technology, you can’t fix cars with wrenches, and contrary to your assertion, most people back then couldn’t either. I had a grandfather who ran a machine shop. His workers had to be trained, as in they didn’t learn skills at home. And he taught course in the evening at Pratt on manufacturing basics to professionals, who needed to know something about operations as their jobs (think lawyers who needed to draft contracts) and they didn’t know how to fix things either.

          Cars are full of telematics. And thanks to the low standards of software engineering, a lot of that technology performs erratically.

      4. TheLurker

        This just isn’t true. Linux Mint, Elementary OS, and Ubuntu are all user-friendly out of the box, as are many other distributions, with clear instructions and a universe of youtube videos to guide installation.

        The hardest thing to get used to is package management and the file system hierarchy, but *most* people under 20 and over 50 (the so-called non-technical people) just need a web browser and a word processor. The Under-20s will adapt quickly. The Over-50s will stop calling to beg for help with malware and related issues.

        1. Yves Smith Post author

          I don’t agree. Virtually all people who are working need compatibility with people who are on Windows or the Mac. Their machine is not a toy for personal use, it is a “work at home” tool, particularly if a desktop box or a laptop. That already limits severely who can have a Linux box.

          Professionals and independent contractors need to be able to send and receive at a bare minimum, Word and Excel files. This is not always a foolproof operation even now. Try editing a Word doc on a Mac and send it to someone on a PC and get it back. If you are doing any outline-type formatting, it gets totally kludged. And I don’t have the time or inclination to run partitions and have to be familiar with two operating systems and keep both operating systems and the software on both reasonably current. I don’t have the time or energy for that much complexity. I have to be ruthless about my time.

          There is other specialized professional software where the Mac is behind (Dragon Dictate, which was supposedly really good on the PC before it got to be good on the Mac). Is there any music or film editing software on Linux?

          1. Jobs

            As far as music editing software is concerned, Bitwig Studio, a Digital Audio Workstation, is available for Ubuntu as well as macOs and Windows.

    2. Grumpy Engineer

      Linux has indeed progressed a long ways. When I started using it 20 years ago, I had to compile my own kernel to get my CD burner working and compile my own X-windows server to get a new video card working. Today, though, I just use the standard software. I haven’t had to go through geeky gyrations like that for a long, long time.

      Today, I enjoy fast boot times (12 seconds on a mechanical HDD, 4 seconds on an SSD), a large repository of free software that includes multiple large & useful packages (LibreOffice, Gnucash, GIMP, Audacity, Firefox, etc.), a transparent and robust update process that puts Windows Update to shame, and security that has kept me malware-free for 20 years straight.

      Linux is definitely worth a second look for dissatisfied Windows, Mac, or Chromebook users. It’s no longer for computer geeks only.

      1. Jason Boxman

        I’ve been hearing that for 20 years. As a former systems administrator of Linux systems, mostly Debian GNU/Linux, I finally grew tired of having things randomly break. A kernel upgrade for Fedora finally broke resume functionality, something about a conflict between the non-free NVidia driver and X11, so every 3rd resume X would crash and I’d loose everything.

        That took months to figure out.

        Or the time a kernel update caused my audio to MAX whenever I adjusted the volume, potentially leading to hearing damage with headphones on. A switch to Fedora from Ubuntu fixed this, I have no idea why.

        I finally bought a MBP a year and a half ago. I’ve never been happier. It Just Works.

        I wouldn’t want to dissuade anyone from trying Linux, and perhaps there are similar stories from Mac owners, but I personally wouldn’t use Linux again as a my primary OS.

    3. Blue Pilgrim

      I’ve been trying to get a Linux system operational for over 2 years, trying different distros, and could never get everything to work. I currently have a Debian installed, but when I tried to install a browser the software wouldn’t let me highlight the package — grayed out.
      I tried Ubunto and the app installer dumped everything into one usr directory with over 2300 files and I couldn’t find anything, and I was not able to get access to back up files — and they insisted I type in a magic word ‘sudo’ for everything useful. It didn’t even have a ‘find’ command installed. The OS writers obviously thought they own my machine, not me (same and Microsoft does). Did it protect the OS? No — I reformatted the disk in the end.

      I used to program professionally, but this is ridiculous. I don’t have hours every day to try to track down information on which docs apply to which versions, and are actually true. And user forums give information which often does not work and is contradictory. I need an OS I can use, not one I have to hack into like some kind of complex video game — or even get into the bash shell from the graphics shell in my current OS.

      I’m old, and not a professional programmer any more, and no one pays me to spend the time and effort to do this stuff. I still haven’t found an OS that’s works right with the newer machines, or treats users as human beings instead of geeks or morons, and doesn’t just aggravate normal people. I’m hoping that Russia, maybe with China, will break the empires unipolar hegemony and develop and release decent working and secure software — it’s a golden opportunity for them.

      1. Anon

        I to have had some issues getting certain distributions of Linux to run on a couple problem machines. Sounds like you have a hardware issue. Ubuntu*, my gold standard for “will Linux install,” has a hardware compatibility website where you can check for your specific hardware against the version to be installed; I imagine you can get there if you commented here. System76, Purism, and Dell all sell off the self Linux boxes. Linuxmint also has a distributor sell nano desktop pc’s running their distribution.

        FYI Fedora, another Linux distribution, is running a classroom where they’re running all sorts of informational events and webinars on their Fedora Magazine website.

        A note on the commands available. Linux has different commands from the sort you might find on Windows and even the more closely related macOS. The Linux kernel and the commands that drive it are in part linked to their original creator or maintainer, not a committee or company with rigid goals, so expect weird and/or frustrating commands. Like the OP said, “Linux has come a long way.” For most users, every general interaction with the terminal and bash has been replaced by a GUI in the past few years, for real. Sometimes I pinch myself, then open terminal just to make sure. Even whole distribution upgrades.

        >I’m hoping that Russia, maybe with China, will break the empires unipolar hegemony and develop and release decent working and secure software — it’s a golden opportunity for them.
        LOL, I don’t think you actually mean “secure.”
        Well then, go pirate Windows. That’ll get you closer to China or Russia. Seriously. Or download a Chinese or Russian Linux distribution. Or Android rip-off. I wouldn’t expect “secure” though.

        1. Blue Pilgrim

          It’s not hardware because different distros and versions act differently, so the machine is perfectly capable (A Lenovo ThinkServer).
          The basic problem is the chaos of all the different versions, and lack of reliable documentation — especially books, like user and programmer manuals.

          As for webinars, forums, etc., I don’t want to have to spend huge amounts of time to run a personal computer, and much of what I’ve seen turns out to be just wrong.

          When I learned C I found that the worst books are ‘beginners’ or introductory books, and had a lot of incomplete or wrong information, written by people who didn’t really know. One of them did not even know the difference between a declaration and a definition (the latter allocating memory). Many had not mastered English, much less a computer language, and were very sloppy in their writing — not so different from the ‘news’ stories we see from so-called journalists, who get critical facts wrong, or omit them.

          I’ve spent hundreds or thousands of hours trying to sort it all out, getting the real dope on a specific implementation, and finally gave up. Windows is inherently insecure, and Linux has caught much of the same disease (not differentiating the difference between code and data (like with reflection programming), or system and application software, or the difference between basic system integrity and security and the ‘outside world’ — and all of it is based on software design concepts and practice from 50 odd years ago, when even hardware was a completely different animal, with different constraints and capability. To let an email or graphic crash or infiltrate an operating system is as ridiculous as letting a gardener redo your investment portfolio or set your refrigerator temperature.

          Windows is inherently unsecure garbage, Linux is chaotic, and most all the software is unstable, under-debugged, and very badly documented. Even with Linux, and other open software, why should a user have to pour through — hack — millions of lines of complex source code to find out how it really works? It’s as bad as trying to go though the tax code and all the legislative bills, with their arcane jargon, to just competently live a normal life. Complexity is introduced without provisions for handling it, or for feedback, or good access to information about it (cf cybernetics, Umpleby, Beer, et al).

          Key sentence from OP” “The Apple OS has gotten worse and worse with every supposed upgrade as Apple has tried to make the desktop OS integrate into its phones, which simply serves to make those machines more kludgey.” and that’s part of the systemic breakdown we see everywhere, including economics and politics.

      2. TheLurker

        Ubuntu 16.04 has a system-wide “find” function that works when you hit the “Windows” key. It’s dead simple to use. I’d really recommend giving it another try. It’s Just received a raft of updates with even better features.

        As for your problem with ‘sudo’ commands, that’s kind of the point. It’s the root access that is at the heart of the above story. The command temporarily gives root access to the application to perform a needed function. That way only you are responsible for, say, installing a package or deleting a system file.

        As for your hope that China will develop better personal computing, fat chance. They have an official Linux distribution!

  3. BadTrader

    And so it starts again. Apple’s demise because others hardware is basically the same and others software is as good and getting better in the new areas like AI, voice recognition, AR/VR, even gaming. Areas Apple was too slow to jump all in because they had too many MBAs and production engineers debating stock buybacks and squeezing suppliers. All while Google abided by Larry Pages philosophy of keeping engineers making the decisions, and Amazon pushed the cloud, and Microsoft relearned what it means to be a tech company. Sure Apple can coast for awhile and copy others but the seeds of mediocrity have already sprouted. Apple never made the inroads needed into the enterprise and the fanboys are dropping like flies. The best thing Apple has going fo it now is consumer privacy protection.

    1. sylva

      That’s exactly it. Have a buddy who works at Apple as a hardware engineer. He said younger guys working in Product Management and supply chain have been repeatedly promoted while he has stayed as an engineer (non-management) for 8 years.

      It’s an American classic, actually. We promote the do-nothings while holding back the ones with technical knowledge. Office Space hit the nail right on the head. You should see the turnover rate within the engineering/cs departments at Apple or Google or Microsoft. Its pretty insane. About 3x higher than within the product management departments.

    2. Mark P.

      Apple is just a vastly overpriced consumer appliances company — vastly overpriced in terms of both stock valuations and its products — and one day not so far in the future its bubble will burst.

  4. The Rev Kev

    Was never an Apple fanboy but I respected the idea that Apple had of having a computer system where things just worked. I suppose that this is a continuation of the sentiment in the original Kodak motto of “You Press the Button, We Do the Rest.” With its lack of focus, its semi-abandonment of newer hardware and its lack of discipline it its security software, I can only conclude that the beancounters and marketing droids have taken the company over. The true believers would always buy whatever offering Apple came up with – and they did come up with some really good stuff – but forget the ravings over how this new model will have rounded corners or whatever, what happens when this generation ages and the newer one is not impressed with their offerings?
    My impression of Apple laptops is that the changes have been directed by the beancounters rather than the engineers. i.e. take stuff inbuilt into the laptop and shrink the laptop itself so that certain ports, etc are now plug-ins that Apple will sell you – for a price. This is beancounter thinking at work. And as for abandoning professional users last year, well, that will not end well. A story at seems to give the general feeling last year.
    And Apple’s lack of a daycare in their new $5 billion headquarters seems just self-defeating. I had to Google it to get more detail on this weird fact. I guess that the attitude of Apple is – and here I am heavily modifying a British Army saying – if Apple wanted you to have kids, they would have issued you with them! They will miss out on a lot of talented people that way. One last thing – I am wondering if it has been noticed what the connotation the end of the article has in the Antipodes.

    1. Christopher Dale Rogers

      Rev Kev & Yves,

      Cannot agree further with this post, specifically both the crapification of the OS and the hardware – having been a Apple Mac user since 1994 (LCii running OS 7) I can only weep that they have abandoned serious laptops and desktops in favour of mobile devices.

      Its a complete joke that the Mac Mini has not been upgraded for some three years, and still they sell it at a price point that is way too expensive from a performance level.

      I must say, in my humble opinion, OSX 10.6 was their most accomplished OS as far as desktops was concerned, great for DTP and usable with only 2GB of RAM, which is what my last iBook ran on. Most distressed at the companies dropping the ball as far as its computers are concerned, given the Mac Pro, iMac unibodies and original aluminium Mac Books were fine machines, now they are toys I’m afraid to say.

      1. PlutoniumKun

        Its kind of sad really. I’m old enough to remember early pc’s and laptops with horrible features like Wordstar. When I was first given a Mac to use in Uni in the late 1980’s it was a revelation. Masterful design in every way, genuinely a thing of beauty and incredibly intuitive. For years I was forced to use a succession of desktop Windows machines because I couldn’t afford a mac and needed compatibility with work/study Windows systems and so constantly cursed the horribleness of successive iterations of Windows. The only good aspects of Windows were those they ripped off Apple.

        I finally bought a Macbook Air 5 years ago, and while I don’t regret it, its a great machine, but its so disappointing that in many ways its less intuitive and less useful than those Macs from nearly 20 years ago. I’ve stayed with an Air and iPhone as they are marginally more secure and less about harvesting your life than Android for mobile use, but now that Apple are regressing I might well change once my current machines run out (although to their credit, they are still much better built than most of the alternatives so they physically last a long time).

        I’ll need a new desktop soon and sadly I’ll probably have to go back to Windows because of compatibility issues with my work system, not to mention cost issues. When I’ve asked my office IT about going for Linux or Ubunto I just get ‘um… we can’t guarantee it will work for our new systems’, so I’m back into mainstream land.

        1. Christopher Dale Rogers


          I attended Leicester Uni from the late 80s onwards, in both the Politics & History departments our lecturers were using the Apple Classic, which was the all in one machine with a small CRT screen, I remember well all the brouhaha about the Power PC chip architecture – those were good days and Apple was ahead of the curve. Just another iToy business now!

        2. vlade

          Buy a Mac for the HW, install Linux on it.. (well, last time I installed Windoze on it, because some stuff I had wouldn’t run on Mac).

          That all said, Mac OS is still incredibly better than W10 – and I don’t understand, sort of a secret deal with MS (like MS:”we’ll do Office on Mac, you won’t sell Mac OS w/o machine”), why Apple is not selling it.. (yes, there are PC HW issues, but most of those can be dealt with..)

    2. Knifecatcher

      I’ve never been all that impressed with the Apple “It just works” mantra for the Mac ecosystem. Far and away the biggest reason that was possible was the fact that MacOS / OSX only ran on Apple hardware, whereas Windows had a massive set of 3rd party hardware to support.

      Now Apple can’t even make it “just work” on their own hardware. Yeesh. Fortunately my company (I’m typing this on an employer provided Macbook) held off on the High Sierra upgrade so we dodged this latest bullet.

  5. Mark Alexander

    I keep hearing that running Linux requires technical knowledge and fiddling under the hood. That was certainly true a decade ago but things are much better now. I’ve got some family and friends and a local business using it (Linux Mint) now, including my 85 year old mother, and they’re doing fine.

    I volunteer at the local library and have helped people having problems with Windows 10. Now there’s a nightmare OS that defies all intuition and reason.

    1. WobblyTelomeres

      Similar story here. Got my 80 yo aunt up and running Ubuntu on her laptop when she could no longer update her aged winders, showed her duckduckgo and a few firefox extensions, and she’s having a blast.

      1. JacobiteInTraining

        Ditto here. Late 70’s Mom running on Ubuntu just fine for the last several years, using a USB cellular thingy connecting her to an MVNO for data. (MVNO because at least then I don’t have to say I am paying the big monopoly-dogs like Verizon directly, and well…the *hell* with Comcast) And she is several states away from me so its not like I have to constantly drive over to her place to ‘geek out and fix her PC’. Nope, it ‘just works’. Opera for a browser, w/various ad blockers and no-script extensions, HTML-based email client. VLC for all media.

        I personally use Linux Mint Cinnamon, and except for the rare case of a piece of hardware that is particularly obscure, its kernel has drivers for most everything included by default. (And by ‘rare case’ I mean…such as setting up an off-brand IR media remote, connecting & using a scrounged XBox Kinect as an ersatz 3D scanner, or connecting a Baofeng short wave radio to update scanning channels – then maybe some research and cmd-line in Terminal might be necessary)

        I imagine if a newcomer experiences a driver issue in a desktop Linux OS its probably a wifi driver issue at OS install time. Easily solved by either just using a regular ethernet port until everything is updated or else having a known-good 100% Linux compatible wifi USB device to plugin.

        I think that easily 95% of any standard work in Mint to configure or fix any of the usual user ‘problems’ is precisely the same as in any other OS…research & fiddling around in the GUI. For at least the last few years (and *certainly* since Windows 8/Windows 10 came out) the average PC user is likely better able to install/troubleshoot/use a Linux-based GUI OS then Windows.

        I find my work Windows 10 based laptop (ugh, retch, throws up in mouth) takes maybe 20-30% MORE ‘fiddling’ in the GUI to configure and troubleshoot then Mint because its various options are scattered and hidden from hell to breakfast in non-intuitive new menus. My work Win10 still BSODs once every week or two (company network spyware sucks, but must be endured) while Moms Ubuntu install has *never* ‘crashed’ in that way…ever…in 2 years.

        I’m under no delusion that a Linux desktop OS is any less difficult to break in to by ‘TPTB’, however at least it doesn’t have anything like the modern corporate telemetry and spyware built into it by default. LUKS full disk encryption ain’t no slouch either.

        1. Grumpy Engineer

          Yes, I fear that the only way to truly secure a computer is to disconnect it from the Internet and lock it in a safe. With a purely mechanical lock. With the security flaws we’ve seen in the Intel Management Engine and the newly exposed Minix running on Ring -3 on newer Intel chips, I truly don’t know know *how* you’d achieve absolute security while still doing useful stuff with it. [Indeed, I recently turned off the Intel ME on an older Lenovo M72e that I use as a backup server, but to my dismay, it *still* responds to pings at a second IP address acquired via DHCP. Grrrr…]

          But still, at least the Linux guys aren’t actively contributing to the problem, and I’m better off for it. I’ve helped people clean malware off their Windows machine many dozens of time. I’ve never even seen it on Linux.

        2. HotFlash

          I switched from Windoze when Bill and Carly@HP had a tiff and my HP printer would no longer work. I went to Linux (currently at Mint 17 ‘Quiana’ Cinnamon) as a dual-boot with Windows (just in case), but never go to the Windows boot anymore. The Linux app WINE runs all my Windows programs just fine, even games, incl many that I had lost to Windows ‘upgrades’. I easily found a *free* driver that let me use my cherished HP Laserjet again.

          Really, really, really, do check it out, it’s not scary.

          1. Grumpy Engineer

            Heh. I saw that happen on a friend’s Windows 10 laptop. He tried to connect an old LaserJet 1320, and it wasn’t recognized. His desperate hunt for a driver led him to accidentally install malware disguised as a driver search program. After an hour-long cleanup and a 30-minute search of HP’s website, we *finally* got it working with a fallback driver… But wow, what a pain in the tush.

            And my wife’s old LaserJet 1320 (yep, exact same model) connected on the first try with Debian Linux. No driver hunt required at all. It just worked.

    2. diptherio

      For an Apple replacement, I recommend Ubuntu MATE with the “Cupertino” desktop. Looks just like a mac, and the OS has been specifically designed to require no techy knowledge whatsoever. Everything you used to have to do through the terminal is now just a checkbox.

  6. Arizona Slim

    I have a Linux-based laptop and I am not the tech savviest person around. Works just fine for me.

    1. Carolinian

      I’m a Linux fan but Linux can be a bit daunting depending on how you choose to use it. That said, “it just works” was probably always more of a marketing seduction than an absolute reality. Computers are complicated machines. And just as we have had to not only learn how to drive our cars but also to keep the tires in shape and the oil changed, computer users need to learn the basics of how to protect themselves.

      Or alternately, per the above, get your eleven year old to do it.

      1. Arizona Slim

        I bought this laptop with Ubuntu installed. It’s a System 76 machine, and …

        … it just works.

        Wish I could say that for the Windows desktop that I still own. It’s the computing equivalent of a tortoise.

        1. Knifecatcher

          I’m intrigued by System 76 but haven’t heard any direct feedback from customers. Their office is within a couple of blocks of where I work in downtown Denver.

          For those who aren’t aware, System 76 makes and supports Linux native desktops, servers, and laptops. Seems like a nice security blanket for someone wanting to move to Linux but worried they won’t have any support.

          1. Arizona Slim

            Well, here’s a customer right here in NC Land!

            And I can vouch for their support. Even when I’ve had rookie questions like “How do you click and drag on this thing?” They’ve been nothing but gracious.

            Here’s the linky-link:

          2. William Zeitler

            I just purchased a System76 laptop myself. Support has been great and the machine itself seems solid. (Time will tell!)

  7. Octopii

    If you don’t have physical security of an asset then you don’t have network security. That’s really basic. It’s not on Apple if you left your machine unlocked and walked away.

    But leaving root essentially wide open, well, that’s astounding.

    1. Michael O

      We talked about this but I don’t think it’s practical. A good idea – yes – but there are many good ideas that aren’t going to happen in real life. In office environments people leave their computers. In conferences and meetings they leave them in locked or guarded rooms for lunch. They go to the bathroom. Like I mentioned my own kid rooted our Mac and dumped the parental controls.

      Recognizing this is why you have to verify a password before many security tasks: installing new software, creating a new user, changing rights, etc… I think that’s a reasonable tradeoff. But the rooting bug entirely undermines that framework. The tagline of the original Mac was “the computer for the rest of us.” This bug could be called “hacking for the rest of us.”

  8. kees_popinga

    I made the switch to Linux Mint 2 years ago, after Windows’ dishonest roll-out of Windows 10 (disguising a full upgrade as a security update). A company such as Think Penguin can sell you a PC and give basic support (I do not work for them). I have no tech background but found that little was needed with Mint for basic computer-y stuff like word processing, printing docs, emailing, and websurfing. It’s not fancy or “cool” — the desktop environment slightly resembles Windows XP — but it’s easy to use. For bells and whistles like audio production, I’ve actually enjoyed learning what’s under the hood and interacting with the Linux user community. It’s a whole alternate ecosystem based on honesty and generosity, as opposed to having a PC that sends your data back to Redmond and slips sneaky marketing gimmicks into the operating system.

    1. Dr. Roberts

      Linux just feels “clean”. I don’t really get mad when I do encounter problems because it feels like a miracle this gift is here in the first place.

  9. Valin

    I would second @Mark Alexander and @Arizona Slim. By now, the commercially oriented Red hat distribution, and the consumer variants in Ubuntu and Mint, Linux is at a par in usability terms to Mac OSX and Windows. In fact, since the adoption/availability of Gnome desktop environment by almost all major distributions, its possible to make the desktop environment look like a clone of Windows, or at least a distinctive cross between mac and windows.

    Traditionally, there have been important reasons beside usability which has impacted Linux adoption:

    1) Incompatibility with proprietary software (mainly industry adoptions like Adobe suits).
    2) Not the default consumer OS (laptops come with Windows pre-installed, and apple only uses apple software).
    3) Lacking marketing resources (with exceptions like Red Hat which caters to a niche market anyway).

    Hence, I do think the whole link between “technicalproficiency” and Linux use should be broken in public discourses, both for fairness in representation, and for encouraging adoption.

    If anything, Linux is pretty popular among people who cannot afford expensive software licenses, have old hardware, have underpowered hardware etc. Essentially the third world. Its an ultimate anti-crappification elixir.

    For the uninitiated, do look for the following distributions if “ease of use and aesthetics” are a priority.
    1) Any distribution with Gnome (Mainly, Ubuntu, Mint, Fedora)
    2) Elementary OS.

    1. diptherio

      I was pleasantly surprised to find, after installing Ubuntu MATE on a friend’s cheap, relatively new touch-screen laptop, that all the touch functions worked without any tweaking at all.

  10. Louis Fyne

    Linux or Windows 7 (yes, 7.) As long as you aren’t doing severe number crunching or graphics editing or tied into work programs that require Windows 10.

    I bought myself two gently owned used replacements for cannibal parts should my laptop fail (still cheaper than getting a new laptop). Highly recommend this strategy if it fits you, espeically if you like non-chiclet keyboards.

    Literally planning on using Windows 7 forever unless Bill Gates shows up and smash-grabs my laptop.

    1. Jesper

      Same for me. Linux or W7. A couple of years back I bought a refurbished business laptop to get better build quality, especially for the keyboard but the tougher case is nice to have, and it justs works for me. Performance wise I’m quite happy with what is now a 7 year old laptop and to get the same build quality I’d have to pay quite a lot more for HW performance I don’t need and software embellishments I don’t want.

      1. cm

        I’ve done that as well. Refurbished business class laptops, replace the hard drive w/ SSD and do a clean install of Windows 7. When I can’t do W7 anymore (due to Microsoft no longer selling licenses) I will switch to Mint. I’ve been using Mint on desktops for about five years and it just keep getting easier, especially if all you are doing is browsing the web and/or e-mailing.

          1. vlade

            My issue with WIn7 is no support (which technically is illegal, as the license agreement did not EOL it yet!) for newer HW.

            Which is pure MS ploy to get people move. No Windoze for me ever again, at least not voluntarily (I had to get it when I was getting my new laptop, since it comes only with Win, can’t get it OSless.)

    2. MichaelSF

      Me too. My desktop is Win7Pro x64 and it comes close to maxing out the “Windows Experience” benchmarks. It runs CAD/CAM and graphics software over multiple monitors just fine, and I have zero inclination or reason to change it to a later OS.

      A friend gave me an old Dell laptop that was junked up with malware. I wiped it and did the “go ahead, do it” install of Mint Cinnamon and it worked straight away. I don’t think it needed any extra software installed to do standard tasks. I suspect that OS would be just fine for 90% of what 85% of the users would need to do.

      There are times when I miss WordPerfect. It was so much better than the early versions of MS Word that we were switched to at work when someone new got the agency IT contract.

  11. Steve

    3 weeks ago I installed the high Sierra update on my 2012 (but new in 2014) MacBook Pro. The upgrade destroyed it. Not only did it destroy it but it corrupted my Time machine drive making restoring from my back up impossible. I was a Mac consultant years ago and have had a Mac since 1986. Apple support wasn’t much help and two trips to the Genius Bar to get a clean version os Sierra on my now erased drive. I have forensically her dropped most of my data back on but some is gone. Three others I know have now had the same issue. I have always know to be suspect of Apple’s updates and usually let them age before installing them. I’m not very happy with Apple right now.

    1. Michael O

      That’s what happened to my colleague described in the article: a few weeks ago she upgraded to High Sierra and, poof, her machine was lobotomized. After hours of fiddling, with the help of Apple, she was able to reinstall the OS with no data loss though. Time Machine showed nothing available from a backup though I’m almost sure it was turned on.

      1. Steve

        After reading about the problem I took every precaution and still disaster. After over a week of constant problems I zeroed out my drive and got Apple to install Sierra at the Store with an ethernet connection. So far everything is working a and on the bright side I learned how to restore my photos when the library is un-readable and can’t be rebuilt.

    2. Christopher Dale Rogers


      Join the cookie crew, was forced to upgrade to OS 10.12 from OS 10.10 a few weeks ago, this was a clean instal and basically lost nearly 15 years worth of emails – which is a lot, luckily I had a back-up, but to get three clean instals operational took more than 80 hrs work in total – I never recommend placing one oS on top of another & Apple make clean instal’s virtually impossible for the average Joe.

  12. flora

    with every supposed upgrade as Apple has tried to make the desktop OS integrate into its phones, which simply serves to make those machines more kludgey. -Yves

    That’s it, in a nutshell. MS has been doing the same starting with Windows 8 and its Metro interface. (Although, MS access security handling hasn’t been as bad as Apple’s latest wtf.) Both claim their end goals are creating “software as a service”; implying they both now see computers and phones as a single form of front end processor instead of stand alone and, in the case of laptops and desktops, separate fully autonomous computing machines. I think that’s what’s happened. They’re chasing market, but they don’t understand their own markets anymore. They understand what they want their markets to be, not what they are.

    I stopped updating my Mac OS several revs back. (I think they started de-contenting the OS after 10.6. I do have a newer system than 10.6) I stopped updating my pc at Windows 7. When MS ends support for Windows 7 I’ll migrate to Linux and run Windows 7 in a virtual machine.

    1. flora

      adding: Computers and tablets and phones are tools.
      Example: For some the Windows 10 OS and the latest (well, maybe not the latest) Mac OS are the best tool for the work they do. I know many people who have a pc desktop running Windows 7. That’s their workhorse computer. They also have a Windows tablet running a stripped down version of Windows 10 and they use a cloud service for data, using both when on the road to give presentations. So, different tools to accomplish different tasks. Why MS thinks its OS should be a one tool for every platform, a la a Swiss Army knife, is beyond me. If they were a car company would they design one engine that works in both a family sedan and a 1 person scooter? They might.

      1. Mark P.

        flora wrote: they both now see computers and phones as a single form of front end processor instead of stand alone and, in the case of laptops and desktops, separate fully autonomous computing machines … They understand what they want their markets to be, not what they are.

        Well, maybe. But they’re right about where things are going. Laptops are increasingly becoming just a niche like desktops have already been for a few years, and by 2025 phones as we know them will have followed them and become another niche. In the developed world, anyway.

        1. JBird

          No one mentioned the magic word, “utility.”

          We expect a certain quality of service, dependability and user-friendliness in our utilities. We don’t expect to come home and find out the power company snuck in and changed all the plug sizes in the electrical sockets, forcing us to buy all new appliances because they have a crooked deal with Best Buy. We don’t pull out of the driveway only to find the city has shrunk the lanes forcing us to buy motorcycles.
          ——Wade Reddick

          In my classes, almost every single student is Mac book, or if you’re a dinosaur like me a desktop or, if completely broke, a pc at the library.

          Everyone needs at least the processing and typing utility of a laptop because we’re doing research and cranking out papers.

          I use Apple because unlike Windows until recently it all worked well. The recent nonsense shows that they think of themselves as investors not management and staff of an electronics/computer/software/gizmo designer and manufacturing company. Idiots. You make people want to buy your great stuff and make money as a happy side benefit. If you think only about profit eventually you won’t have any profit. I think Steve Jobs was not a nice man but he knew that much.

    2. sylva

      Apple is super super super dumb.

      With $600 billion, they did absolutely no vertical integration. They still use Samsung screens, don’t build their own chips, batteries, anything really. Essentially, they are a design house – and that’s about it. For a design house, they have the most limited lineup of products I have ever seen (protected by the most amount of patents I have ever seen). Where are the TV’s? Projector’s? Where are the advanced touch tablets, like the ones Wacom makes? Where is the gear for music (every artist I know uses Mac – yet Mac seems to turn a blind eye to that audience)? I always thought of Mac as high end – yet they seem only high end in the phone market for no good reason.

      They are doing some (stupid) secretive stuff too: I have a friend who works for an automotive company. Apple literally called them one day to visit an unmarked building where all the windows were tinted. Not a single document, sign, etc had the Apple logo, not even their business cards. Apparently, Apple is in the process of making a vehicle, though what kind, etc I have no idea. And clearly they don’t want anyone else to know.

      I was somewhat shocked that Apple wants to move into the car market – it is already saturated to the 20th degree. Mercedes actually employs more software engineers than Apple (how crazy is that?)!

      I dont see a good future for Mac, though they somehow got lucky with their very much brainwashed cult following. It will be, like Microsoft, a slow decline throughout the years. One day an Asian company will no-doubt take the spot of Apple – they are better run, more willing to try new things, and have massive product portfolios to satisfy the customer. Apple is walking this weird tightrope with high end/low end phones, as they tried to stymie their loss of market cap in China and elsewhere. A stupid move no doubt – as if the Chinese gov would allow for a fair competition on their home turf, and as if their low end could compete among the many low end phone manufacturers.

      NA is sadly a saturated, low growth market nowadays much like Europe. Yet, this sentiment has not permeated to the corps as they have grown too large too quickly, thanks to the Fed lax policy over the last 3 decades. They think their largess is due to their awesomeness as the upper tiers siphon off never-before-seen amounts of wealth while suppressing the wages of their workers. Along with this, they boost their own morale (and wealth) with these corporate buyback schemes, and use the stock price as a justification of their continuing awesomeness.

      I feel like we have been living in a strange dream the last decade. Take a look outside as you drive to work and you see homeless people in places you never saw before. You see large swathes of people out of work indefinitely. You see small businesses closing down in half-empty strip malls, to be replaced with the usual Subway/Jimmy Johns/Baja Fresh/Starbucks that sometimes seem more prevalent than trees. Apple, Google, Facebook, Amazon – they have really done nothing for America if you think about it. They employ barely anyone and yet have stockpiled immense amounts while crushing all competition at the door. Do you see any competition in America anymore? I don’t. I see PE firms circling around the flailing manufacturing sector, waiting for a downturn to snap up companies, invoke “efficient workplace structures” (layoffs). I see social media startups get killed left and right through theft of idea or customer by larger forces. I see egregious bars to entry for any manufacturing startup, the kind that basically makes it clear that only extremely wealthy individuals can own legitimate businesses. Want to start your own cable company or internet service provider? You pretty much can’t – I read a massive book about a guy trying to start his own internet service to eventually realize he has to piggyback on AT&T cable lines.

      The only sector where I see people still competing in is restaurants and bars. That’s the innovation in America these days – food and drink.

      My father was able to, in the late 80’s, invest all of his savings from 4 years of working at a law firm and essentially retire at the age of 37. He was able to make enough money off of that principal to eventually put 3 children through college and fund our many family vacations abroad. He never asked me whether I could follow in his footsteps – deep down we both know that it is virtually impossible these days, with the meager savings I have, to invest in any meaningful degree.

      Apple’s slow demise is a parallel to the slow demise of the American empire – built on consumer capitalism, yet destroyed by allowing that very capitalistic dream to feed on itself.

  13. jfleni

    What almost nobody knows is that linux/unix is available from HUNDEDS of different sources- and the great majority are free, while microswift costs big bucks, and has endless problems and dangeous hacks.

    Linux is easy and simple to use and install, and yes Linux Mint is one of the best; its time the word got out.

    Don’t forget that Mint and others INCLUDE spreadsheet & word-processing apps (Libre) as well as many other good ones. Apple-jack and microswift are just rich-boy scams for the unwary.

    1. Yves Smith Post author

      The problem with your theory is people like me need to be able to open and edit Word docs, Excel spreadsheets, and Adobe Acrobat files (as in specifically use Adobe to OCR files sent as images) and send them back to people using Macs and Windows boxes. I still sometimes have compatibility issues. I’d have them all the time on a Linux box.

      And I’m not about to run a bloody partition to do that, I am chronically time stressed and don’t have time to fool around under the hood or miss a potentially important story because I can’t open a document someone sent to me.

  14. JacobiteInTraining

    Heh,cannot express how incredibly gratifying it is to see all the Linux users chiming in. I guess it shouldn’t surprise me – NC readers are already somewhat self-selected based on non-herd mentality.

    I would love to think that the future is not _really_ going to be the corporate/fascist dystopia 365x24x7 that its trajectory has seemingly been on, but rather that the lemmings being herded over the cliff decide ‘to heck with that noise’, and keep adopting open-source in as many places as possible.

    First very slowly, then all of the sudden. :)

  15. PKMKII

    Bleedover from the mobile side to the desktop side wouldn’t be such a problem, if the mobile side was making useful innovations in user interface. What we’re getting instead is a lot “oh gee that’s neat” features; Siri is entertaining for all of five minutes, the haptic feedback is funky but ultimately frivolous, the stereo speakers are straight up useless in a device of that size. Now to be fair, Apple isn’t alone in this, most of the features I see touted on Samsungs are equally vapid. In a way, the competition has made it worse, as they both rush to put out half-baked novelties marketed as paradigm-shifters to win this non-existent innovation war. Difference being that Samsung doesn’t have a desktop OS side to influence. Somehow the wires got crossed and they started putting the cart before the horse, putting the razzle-dazzle bells and whistles first and a stable, user friendly interface second.

      1. Arizona Slim

        Good grief! Computers only account for 24% of their revenue? No wonder they’ve turned to [family blog].

      2. nonsense factory

        Side effects of the dumbing-down of the American population, perhaps? Too many consumers, too few tinkerers. That doesn’t bode well for the future competitiveness of the country, either. Reminds me of this:

        Ahmed Mohamed’s homemade alarm clock got him suspended from his suburban Dallas high school and detained and handcuffed by police officers on Monday after school officials accused him of making a fake bomb.

        It’s just painful to watch, the rise of the zombie consumer culture.

  16. David

    I have two XP units, still working, backed up to each other for email and financial functions. An unused Windows 7 bought but never used – it is available when the others die. Linux, maybe, now I’ve read the comments above. Old systems work. Keep them.
    I used Apple back in early 80s while in Japan, could not afford when I returned to US.

  17. Peter VE

    I’ll just chime in on how disappointed I am with the crapification of the Mac. I need to use either Mac or Windows for my architectural software. I work on a 2008 Mac Pro tower with OS 10.9, with 14 Gb of memory and an SSD as the root drive. I have stopped updating my professional software because it too has hit the far side of the crapification curve, and requires updates to the MAC OS. If this machine ever dies, I’ll build a Linux box and load the software on a virtual Mac.

  18. Bill Carson

    This is disturbing news. I bought a MacBookPro in 2010, and it worked faithfully until it crashed and burned a year ago. I’ve been using my MacMini since then. I’d really like to get another laptop, but I just don’t see a reason to plunk down $3K on a top-of-the-line MBP.

    MacMail is starting to act up, and I don’t know if that portends another system crash, or if the problem is with my yahoo-hosted email account. You would think we would have these problems licked by now.

  19. Craig H.

    Also speaking of apples I have two questions for Yves:

    1. does your nom-de-guerre have any relation to the so-called originator of the science of Economics Adam Smith?

    2. did you know there isn’t an apple in the book of Genesis but the representation of the fruit of the tree of the knowledge of good and evil as an apple is an innovation of Italian painters like Giotto and Raphael?

  20. Kent

    For those of you who are Linux fans, and not IT people, if you haven’t set a root password, you are in no better shape than the Mac users. Probably worse shape.

    In secure corporate environments, only two system administrators are put into the root group (not userid). The root password is then changed to something impossible to remember, written down, and stored in a secured vault available only to the CIO. No one is allowed to login as root except the CIO, and only then to add and delete sysadmins from the root group. This forces sysadmins to login with their own credentials so they can be held accountable for their actions.

  21. Kevin Curry

    I find this whole thing completely unsurprising. Apple clearly stopped caring about the Mac line and OSX sometime around Snow Leopard (10.6). Their focus shifted to selling phones, then phones + watches. The Mac lineup is almost comically outdated, the Mac mini is a damn joke. the MacOS server offering hasn’t had a meaningful update in ages and is a joke. These days if you need to work in an OSX environment, you’re best off building a hackintosh.

    1. Bill Carson

      My Mac Mini is from 2012 or thereabouts. It works very well for the price I paid, compared to my MBP. I can’t speak about later iterations of the MM.

      But I can say that I shopped for new MBP’s about a year ago, when I experienced my loss, and I just couldn’t pull the trigger. I would have been paying about the same as I had paid six years earlier, and I was unable to ascertain whether the machine would even be any faster than my old one, AND I was restricted as to the size of the storage unless I was willing to pay a king’s ransom for a super-sized SSD. It’s just absurd.

  22. duffolonious

    Maybe look into something like this:

    “The Librem 15 is the first ultra-portable workstation laptop that was designed chip-by-chip, line-by-line, to respect your rights to privacy, security, and freedom. Every hardware and software component—and everything we do—is in line with our belief in respecting your rights to privacy, security, and freedom. We know you will be happy with the results.”

    If you _really_ are security paranoid (but still pretty practical). You can of course get more paranoid…

  23. skippy

    Apple has become a financial conduit, where the rest is just a residual tail, its all about financial transactions these days.

    Seems most OEM products just don’t have the grunt to facilitate the growing demand code puts on them or multiple programs running.

    Hence why I only build my own comps, almost done with the new PC after last build in 2010, only thing original from 2010 is the power source and speaker system. Gotta say the V-NAND M.2 thingy is pure speed pron, mother boards out of the box have come a long way, enclosed liquid cooling solutions to boot, as well CPU and GPU overclocking tools.

    The RGB thingy…. snort is all I can add…

    disheveled…. I this point I would not buy an out of the box laptop or PC by any OEM mob.

  24. John

    I’ve used Apple products for a long time and mostly have had very good experiences. I have installed High Sierra and it works great. I’m very sorry for those with bad experiences but they don’t represent the majority of users.

    The recent root debacle is horrible, but it was fixed very quickly. I don’t yet see this as a trend, more of an example of how things fail in the digital age.

    No question Apple’s focus has changed. They are not as supportive of DTP as they were 25 years ago. The customer distribution curve has changed and Apple has responded. Clearly they could make a new Mac mini if they wanted to. They choose not to.

    1. Clive

      If your business model is selling premium quality products for a premium price point, that’s fine. Just so long as you do in fact sell premium quality products.

      If, however, you try to sell a mediocre or even awful, buggy and unreliable products for a premium price point, in the medium term (once people are prepared to undergo a time-stealing transition and adjustment period and adopt an alternative solution) you no longer have a business. And you can’t just sit on your cash pile like some west coast Scrooge McDuck.

      1. skippy

        Clive that is what I was pointing out, none of the OEM stuff is any good wrt laptops or PC’s, just from a hardware standpoint.

        I pick out all my hardware to not only work together, but enable upgrades as needed. Say, I went for a 75% price point on a Z270X mother board because I’m not ready to go 6 core, so I banged in the last i7-7700k LGA 1151 4.2 unclocked. When I do go 6 core I will have to upgrade the mother board but the rest will be fine.

        Its to easy these days to go to a good online comp shop and sort out a build that suits someones needs. Better bang for buck.

        1. Clive

          Yes, that is what I was toying with doing for my next PC. I used to be a dab hand at doing this sort of thing when PCs were new (well, new-ish) and could quite happily change SIMMs, CPUs, those ISA cards we used to have to deal with, disk drives, IDE interfaces and so on. I had hoped (maybe it was secretly lamented!) those days were behind us and everything we needed was manufactured as a fully integrated product. I suppose it is an integrated product, now. Just a rubbish one.

          If you know a few reliable on-line stores for components (I’m not including Amazon and eBay; it’ll be a cold day in Hell before they get another penny out of me) that is preferably a one-stop-shop which seems to do proper worldwide delivery, don’t hesitate to mention them.

          1. skippy

            I use a local mob called Umart, price beats either above, not to mention they deliver or you can pick up. There should be an equivalent near you.

            These mobs normally have a build tool on their site where you can fiddle around with different configs. The one I use also offers a 90 AUD build service for those that are not interested in physically doing the build or setting it up to run.

            BIOS suites and other hardware interfaces are very user friendly these days, not to mention the tutorial videos or tech sites, which are abundant. Its actually quite easy to manage all the functions in realtime, heat management, drives, CPU – RAM – GPU, et al.

            1. Clive

              Thank-you Skippy. I think otherwise I would not have had the courage of my convictions and put another few hundred into the undeserving grubby palms of Dell, HP etc.

          2. joe defiant


            It shows you components and prices from a variety of sellers. It also helps with ratings and reviews and some good builds that the list of components are all put together and you basically go shopping. They have good ones for gaming, multimedia, etc..

            Building your own is the way to go no matter what operating system you want to use.

            It’s mostly just snapping wire connectors together and using a screwdriver.

                1. joe defiant

                  Right on mate. 4 years in not one component failed, still using it right now. Best thing when I upgrade I don’t have to buy everything again from scratch. Power supply, HDD/SSD, wires, cooler, memory, all still good. Only need to upgrade video card, motherboard and CPU really…

                  Saves so much money buying components rather than using OEM build. I build them for friends/neighbors who are interested but afraid to do it themselves too. Best thing if something goes wrong I just replace a component rather than buy a whole new system or pay a repair person.

                  1. skippy

                    2010 build had too many compatibility issues, so….

                    Thermaltake View 71 Tempered Glass Edition Full Tower Gaming Case, Gigabyte Z270X-Gaming K5 LGA 1151 ATX Motherboard, Intel Core i7 7700K Quad Core LGA 1151 4.2 GHz Unlocked CPU Processor, G.Skill 16GB (2x 8GB) F4-3000C14D-16GTZR DDR4 3000Mhz Trident Z RGB, EVGA GeForce GTX 1070 FTW2 Gaming ICX 8GB Video Card, ASUS MG28UQ 28″ 4K Gaming 1ms Eyecare Adaptive-Sync Monitor, Samsung 960 Pro Series 512GB M.2 SSD, Samsung 960 EVO 1TB M.2 SSD, Thermaltake Floe Riing RGB 360 TT Premium Edition Liquid CPU Cooler.

                    Still using all cables. 1200W thermaltake power and the 2x sata raptor 1T HDD’s from the old build. Probably have to liquid cool the GPU as it gets hot here in Queensland and I don’t AC the entire house, just master bedroom for the paramedic wife so she can sleep after night shift work.

                    Like you joe I never had any hardware issues save the GPU, which I reflowed in the oven and got another few years out of after it started architecturing.

                    OEM comps have more in common with Branson’s virgin gig, sell your brand name and let others crapify the product – service and if you don’t like it…..

    1. Lambert Strether

      Exactly. I was whining about the lack of cursor keys on the iOS virtual keyboard, and a reader explained to me that one could move the cursor with a two-fingered swipe on the keyboard.

      Well, first, who the heck swipes a keyboard? What kind of sense does that make? Second, the functionality is invisible, hidden. That’s directly opposite the Mac’s Human Interface Guidelines, where everything was open and tranparent. iOS doesn’t even seem to have guidelines. That’s why there are little snippets of text littered about the UI, explaining how to do this or that.

      1. Enquiring Mind

        One Steve Jobs saying that has gotten a lot of mileage at numerous companies:

        If there is a problem with the interface, IT IS NOT THE USER’S FAULT!.

        (sorry for the all caps screaming in my paraphrase. I am informed that it was in the original quote, plus some profanity)

        Apple and other companies seem to have drifted away from recognizing their customers. If inside, double-secret probation knowledge is required to use some commodity device, then it is time to wrest control away from the marketers who approved that genius feature, assuming anyone other than some blob committee did.

  25. Elizabeth Burton

    If you want a glaring example of what’s wrong with Mac, you need look no further than their godawful Mail app, which I refuse to use. Every so often they tweak it, but mostly that’s so it will interface with iPad and iPhone, not to make it an email tool that does anything useful.

    I think you may have something, though, with the thought about the fact the people at the top are so rich they can’t think. If you don’t use a toll to earn a living, what are the odds you’re going to care if it actually does what it needs to do? Or are you, rather, going to keep looking for ways to make it prettier and fancier, even if in the process it becomes all but dysfunctional for any purpose other than sitting on a mantel for others to ooh and aah over?

    That, to me, is exactly what’s been going on with Mac since we lost Steve.

  26. Lynne

    We switched our office over to Macs about 9 years ago and at first were blissfully happy with it. After having invested a large amount of time into creating an in-house document assembly system using Pages and the rest of iWork (which worked like a dream), however, Apple decided to crapify OS X and broke all the code that made it work. We persevered, but each “update” makes the machines that much less usable and more of a pain to deal with. At first, Apple reps told me just not to update, but then I started getting messages that Pages would not open files without updating the entire operating system. Then it broke everything. It wouldn’t be so bad, except they haven’t come up with anything that is usable for cranking out work because they’re so busy making pretty watches and Tim Cook seems more interested in bullying people than running a company (for example, the debacle when he went to Europe and lectured EU officials on his specialness).

    But if we switch to Linux, what do we do with the software that requires Windows? Right now, we have one MBP with Parallels running Windows and one old Windows machine.

    1. annamagnusdottir

      Install VirtualBox (VB is an Oracle product, it’s free and easy to install, and it’s essentially identical to Parallels so far as functionality goes) on your Linux machine(s), then within VirtualBox you install (or migrate) your Windows virtual machines.

      The end result will be the same sort of setup you have now, only on a Linux host rather than a Mac. It *might* even be possible to simply copy and paste your current Windows installation from Parallels to VB, but I’m not 100% sure of it.

      1. Yves Smith Post author

        She may be willing to do that, but dealing with two operating systems and a disk partition is a no go for me. I have enough headaches dealing with one OS. I hate learning software with a passion. Dealing with two OSs and even more software packages would be torture.

        1. drexciya

          Running a virtual machine is very different from running a multi-boot system. You install the OS of your choice inside the VM, and then run the VM (as in: a “complete PC”), as if it’s an application, inside your regular OS (“host OS”). It’s a variation on the partitioning, which was a given on mainframe systems.

          Given the fact that a VM is just a bunch of files (virtual disk, configuration files), you can easily create a backup of full systems. Also you get the option of creating snapshots (points-in-time). On top of that, you can copy VMs to other machines and they just work.

          With current hardware it’s easy to run VMs without speed issues. The only restriction is on directly accessing hardware, since that’s off-limits (that’s the whole point about VMs and virtual hardware).

          With VMware Fusion/Workstation (MAC OS and Windows/Linux versions respectively), there’s even some sort of transparent integration with your guest OS possible.

  27. ewmayer

    The funniest part of the story is that there has long been a relativeky simple way to do just what the article describes – the user-login fubar just made it a little easier to do:

    Apple allowed anybody who could touch a Mac that was logged in to gain root access and, later, invisibly control the Mac indefinitely. Our hacker would first go to System Preferences, click Users & Groups, and create a new administrative user. Then they’d click back one level and enable remote login. After the 5-10 seconds this would take they’d skedaddle, doing the rest of their work at their leisure.

    And even after the patch you can *still* do the same thing on any Mac you have physical access to, via boot into single-user mode and fiddling of an admin-related setting:

    bought a used macbook. how do i remove the old user account and make mine the admin? | reddit

    I’ll bet a large part of the thriving secondary market in used Macs relies on just this technique. I used it last summer to reset the Admin access on a used macbook a friend gifted me as a backup unit last year, which I’d put into storage until needed. When the HD on my then-current macbook classic finally died in the sumemr I pulled the backup out of storage, only to realize my friend hadn’t included a post-it note with admin-password … and in the interim he had forgotten it, as well. A little single-user hackery, and voila! I’m writing this comment on the very same system.

    I would be interested to hear from any users on the latest-greatest version of the OS as to, once the fix for the login-screen fubar is applied, the above single-user-mode-boot hack still works. (The system I used it on is running 10.7.5).

  28. The Rev Kev

    So if a small article on Apple is enough to generate 77 comments at the time of this posting, then what would an article on Microsoft and Windows generate in the way of comments?

      1. flora

        If Apple’s ‘new’ UI – minimalist, thin, indistinct, white spaced, colorless, vague – is supposed to be a metaphor for ‘being in a cloud’ it fails. It reminds me of ‘driving in fog’, but that’s just me.

    1. Yves Smith Post author

      Apple has much higher market cap plus Microsoft has long been known to be buggy and not secure (see my intro). I doubt a MS post would have gotten more comments.

  29. David Henderson

    Over the past 4 years I have been migrating to Debian Linux. I made the concious decision because the upgrading of software versions is not at a rapid rate and lets me fully test new software releases prior to depending on them. I chose Debian over similar Ubuntu or Mint derivatives because Debian does not change its versions so rapidly and goes through pretty rigorous regression testing.

    I still have 4 functioning Apple computers, one tower and 3 laptops. The latest version of OSX installed is 10.9, so I can keep up with latest version of browsers and other user software. My earliest Apple computer was the Mac Plus, circa 1986.

    Only one laptop can run the latest version of OSX; but I keep it as 10.9 because it can run anti malware apps and is pretty stable.

    My tower is stuck at OSX 10.6 or 10.7 and wont support a more modern version of OSX. These days it runs the latest version of Debian Linux and is my home file server.

  30. Wade Riddick

    No one mentioned the magic word, “utility.”

    We expect a certain quality of service, dependability and user-friendliness in our utilities. We don’t expect to come home and find out the power company snuck in and changed all the plug sizes in the electrical sockets, forcing us to buy all new appliances because they have a crooked deal with Best Buy. We don’t pull out of the driveway only to find the city has shrunk the lanes forcing us to buy motorcycles.

    In the last year or two, Apple has removed ringtone support from iTunes, taken App management out of iTunes (and not really replaced it with anything useful) and now rendered my new phone completely unable to transfer its pictures to my computer. These were all active acts of sabotage to existing software that functioned adequately. (Don’t even get me started on multuple playlist support disappearing from iTunes years ago and never fully returning.)

    When we invest in a computer system, we store value in it much like buying assets in a foreign country with a foreign currency. We don’t want those assets trapped by, essentially, high exchange rates or mindless regulations (a point I made academically a quarter century ago when Java was introduced).

    Silicon Valley’s inability to develop into a regular utility has been a severe blow to economic growth. This arbitrary control over standards and features is routinely used to squeeze out more rents. Users are essentially held hostage in the system while our private information is monetized or even used against us.

    The comments about security holes illustrate the diminishment of private property rights. The government is attempting to create – without any formal legalisms – a “right-of-way” for security systems to audit all your information. (Given that CRISPR could end the world, I do sympathize with their anxieties). The result hasn’t been an improvement of security but rather an increase in trespassing.

    The essence of a private property right is the right to exclude others from its use. The people complaining here feel helplessly excluded from control over our own systems. Markets don’t function without private property, transparency or responsibility and so it’s a great irony that all those “libertarians” of Silicon Valley have done so much to diminish actual property right by promoting the most destructive of monopolistic behaviors.

  31. TheLurker

    Although I’ve already replied to a few threads, I’d like to post a top-level comment recommending Ubuntu Linux, or one of its variants, to new and non-technical users. It’s very easy get up and running with minimal technical hurdles and offers a modern desktop that just works, securely and without much fuss.

    The latest version, 17.10, isn’t a “stable” release. I recommend v16.04, which still has several years of official support from the developers.

    After installing, search the web for “things to do after installing Ubuntu”. You’ll get all kinds of software recommendations, security tips, and customization options, while also discovering the most vibrant parts of the online community.

    1. Yves Smith Post author

      See my comments on this. The issue is not just the OS. It is the compatibility with apps running on the Mac and Windows, most of all Word and Excel. I don’t want to have to deal with two OSs via a partition or having separate machines to handle docs and data I get (no joke, on a daily basis). This is more complexity than I have time to deal with.

  32. sd

    My industry uses software that was programmed for Mac. So switching to a new operating system means learning entirely new software while simultaneously convincing an entire industry to change as well.

    It’s like Apple completely forgot that businesses and their employees are actually relying on their machines to do work which just makes you wonder, is everyone at Apple just spending the day texting, messaging, and snapchatting each other? Cause that’s what it looks like.

  33. Charles 2

    I am sorry come a bit late in the discussion, but for those who are still reading, the correct fix is NOT what is mentioned by the author of the post.
    1) it is possible to create users that don’t appear in the list of users in the system preferences, so “not seeing an unusual user” in this list is not enough to rule an intrusion out.
    2) a root user can totally erase its track so if you have any suspicion, the only remedy is to erase your disk and rebuild from backup.

    This being said, this horrible bug is a good reminder that the first thing to be done when using a *nix system is to change the root password to something very complicated (like 20 random digits). In a MAC, it is done using the procedure described in .
    After that, disable root and never use it again unless you are a Unix god. If you are not, you can safely forget that password. Actually you are probable safer if you do, because you will never be tempted to do something stupid that requires it…

    My understanding is that people that did this for their system where not affected by the bug.

  34. templar555510

    To quote Richard Rumelt Steve Jobs ‘ enforced excellence in design ‘ . He was not an engineer, but he got good people to do a good job well . That was his genius. Tim Cook is a manager and by the financial metrics of Apple a successful one. But for Jobs the vision was all and the success was the product ; the profits flowed from that. He was not interested in gimmicks and that’s where we are now with Apple ; far away from the utility of the machine . Whilst writing this the old joke about computers that came from some wag at GM in response to Bill Gates ( don’t laugh yet ) came to mind. I case you don’t remember it here is the link :

    1. joe defiant

      If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:

      1. For no reason at all, your car would crash twice a day.

      2. Every time they repainted the lines on the road, you would have to buy a new car.

      3. Occasionally, executing a manoeuver such as a left-turn would cause your car to shut down and refuse to restart, and you would have to reinstall the engine.

      4. When your car died on the freeway for no reason, you would just accept this, restart and drive on.

      5. Only one person at a time could use the car, unless you bought ‘Car95’ or ‘CarNT’, and then added more seats.

      6. Apple would make a car powered by the sun, reliable, five times as fast, and twice as easy to drive, but would run on only five per cent of the roads.

      7. Oil, water temperature and alternator warning lights would be replaced by a single ‘general car default’ warning light.

      8. New seats would force every-one to have the same size butt.

      9. The airbag would say ‘Are you sure?’ before going off.

      10. Occasionally, for no reason, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key, and grabbed the radio antenna.

      11. GM would require all car buyers to also purchase a deluxe set of road maps from Rand-McNally (a subsidiary of GM), even though they neither need them nor want them. Trying to delete this option would immediately cause the car’s performance to diminish by 50 per cent or more. Moreover, GM would become a target for investigation by the Justice Department.

      12. Every time GM introduced a new model, car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.

      13. You would press the ‘start’ button to shut off the engine.

Comments are closed.