Apple only fixes known security bugs when the shit hits the fan

<sroest$10aq$1@gioia.aioe.org>

https://www.novabbs.com/computers/article-flat.php?id=13586&group=comp.sys.mac.system#13586

From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Apple only fixes known security bugs when the shit hits the fan
Date: Thu, 13 Jan 2022 05:55:42 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <sroest$10aq$1@gioia.aioe.org>
Injection-Info: gioia.aioe.org; logging-data="33114"; posting-host="3PLzD/rb74ta/CXxNcmbeA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Thu, 13 Jan 2022 05:55 UTC

Apple's sophomoric iOS QA team missed this bug since as far back as iOS 14
<https://www.engadget.com/ios-15-2-1-homekit-vulerability-fix-201158978.html>

"Spiniolas found that the vulnerability is present within Apple's mobile
operating system as far back as iOS 14.7, but said he believes it exists in
all versions of iOS 14."

Worse, Apple took forever to fix it after Apple was told about it.

"Security researcher Trevor Spiniolas discovered the vulnerability and
publicly disclosed it on January 1st. According to Spiniolas, he informed
Apple of the bug way back in August of last year!"

Re: Apple only fixes known security bugs when the shit hits the fan

<130120220959433603%nospam@nospam.invalid>

https://www.novabbs.com/computers/article-flat.php?id=13587&group=comp.sys.mac.system#13587

From: nos...@nospam.invalid (nospam)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Date: Thu, 13 Jan 2022 09:59:43 -0500
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <130120220959433603%nospam@nospam.invalid>
References: <sroest$10aq$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="41bf0c0d97272eb3548d9465b24cc74e";
logging-data="1298"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+yX6syI1Qa16RcMfv9g8qc"
User-Agent: Thoth/1.9.0 (Mac OS X)
Cancel-Lock: sha1:pUMHKg9UA8SHmEnVzUurz0KwtGw=
 by: nospam - Thu, 13 Jan 2022 14:59 UTC

In article <sroest$10aq$1@gioia.aioe.org>, Andy Burnelli
<spam@nospam.com> wrote:

> Apple's sophomoric iOS QA team missed this bug since as far back as iOS 14

right, because having homekit device names longer than 500,000
characters is so incredibly common.

how could that have possibly slipped through??

it should have been the first thing to test.

for reference, 500,000 characters is roughly 1000 *pages* of
single-spaced text, which would take nearly 17 continuous hours to
type, assuming a sustained 100 wpm for the entire time, without any
breaks for food, bathroom or anything else.

Re: Apple only fixes known security bugs when the shit hits the fan

<j4autvFd7m3U1@mid.individual.net>

https://www.novabbs.com/computers/article-flat.php?id=13588&group=comp.sys.mac.system#13588

From: jollyro...@pobox.com (Jolly Roger)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Date: 13 Jan 2022 15:31:11 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 31
Message-ID: <j4autvFd7m3U1@mid.individual.net>
References: <sroest$10aq$1@gioia.aioe.org>
<130120220959433603%nospam@nospam.invalid>
User-Agent: slrn/1.0.3 (Darwin)
 by: Jolly Roger - Thu, 13 Jan 2022 15:31 UTC

On 2022-01-13, nospam <nospam@nospam.invalid> wrote:
> In article <sroest$10aq$1@gioia.aioe.org>, Andy Burnelli
><spam@nospam.com> wrote:
>
>> Apple's sophomoric iOS QA team missed this bug since as far back as
>> iOS 14
>
> right, because having homekit device names longer than 500,000
> characters is so incredibly common.
>
> how could that have possibly slipped through??
>
> it should have been the first thing to test.
>
> for reference, 500,000 characters is roughly 1000 *pages* of
> single-spaced text, which would take nearly 17 continuous hours to
> type, assuming a sustained 100 wpm for the entire time, without any
> breaks for food, bathroom or anything else.

A reflection of himself, Arlen's trolls are just plain dumb. He doesn't
bother researching the things he trolls about, nor would he truly
comprehend them if he did. Due to his perpetual little Apple hate boner,
he's perfectly happy to turn even the most ridiculous trivial things
into a troll against Apple because it makes him FEEL better. He's a
pathetic waste of a human being who spends all day every day trolling.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Re: Apple only fixes known security bugs when the shit hits the fan

<srphne$13ge$1@gioia.aioe.org>

https://www.novabbs.com/computers/article-flat.php?id=13589&group=comp.sys.mac.system#13589

From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,alt.privacy
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Date: Thu, 13 Jan 2022 15:50:06 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <srphne$13ge$1@gioia.aioe.org>
References: <sroest$10aq$1@gioia.aioe.org> <130120220959433603%nospam@nospam.invalid> <j4autvFd7m3U1@mid.individual.net>
Injection-Info: gioia.aioe.org; logging-data="36366"; posting-host="3PLzD/rb74ta/CXxNcmbeA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Thu, 13 Jan 2022 15:50 UTC

On 13 Jan 2022 15:31:11 GMT, Jolly Roger wrote:

> A reflection of himself, Arlen's trolls are just plain dumb. He doesn't
> bother researching the things he trolls about, nor would he truly
> comprehend them if he did. Due to his perpetual little Apple hate boner,
> he's perfectly happy to turn even the most ridiculous trivial things
> into a troll against Apple because it makes him FEEL better. He's a
> pathetic waste of a human being who spends all day every day trolling.

FACTS (which are incontrovertible):
1. The bug was _not_ found by Apple QA
2. The bug is a _classic_ (which means there is _no_ Apple QA to speak of!)
3. The bug was reported to Apple in the middle of last year
4. Apple refused to fix it in a timely manner (by _all_ accounts!)
5. Exasperated, researchers made the bug public (after waiting half a year!)
6. Only then did Apple even _bother_ to fix this rather serious flaw.

ASSESSMENT (by intelligent people):
*Apple only fixed a known security bug well _after_ the shit hit the fan!*

ASSESSMENT by Jolly Roger:
Apple can do no wrong, but worse - anyone who points out any facts must be a
troll because Jolly Roger himself wishes to remain completely oblivious of
facts that tell the truth about how sordid Apple's almost total lack of QA
truly is (Apple QA can't even predict a buffer overflow for God's sake!).

Re: Apple only fixes known security bugs when the shit hits the fan

<srphns$149o$1@gioia.aioe.org>

https://www.novabbs.com/computers/article-flat.php?id=13590&group=comp.sys.mac.system#13590

From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.sys.mac.apps
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Date: Thu, 13 Jan 2022 15:50:21 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <srphns$149o$1@gioia.aioe.org>
References: <sroest$10aq$1@gioia.aioe.org> <130120220959433603%nospam@nospam.invalid>
Injection-Info: gioia.aioe.org; logging-data="37176"; posting-host="3PLzD/rb74ta/CXxNcmbeA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Thu, 13 Jan 2022 15:50 UTC

On Thu, 13 Jan 2022 09:59:43 -0500, nospam wrote:

> because having homekit device names longer than 500,000
> characters is so incredibly common.
>
> how could that have possibly slipped through??

FACTS:
1. The bug was _not_ found by Apple QA
2. The bug is a _classic_ (which means there is _no_ Apple QA to speak of!)
3. The bug was reported to Apple in the middle of last year
4. Apple refused to fix it in a timely manner (by _all_ accounts!)
5. Exasperated, researchers made the bug public (after waiting half a year!)
6. Only then did Apple even _bother_ to fix this rather serious flaw.

ASSESSMENT:
*Apple only fixes known security bugs well _after_ the shit hits the fan!*

I realize you make excuses for Apple no matter what, but the fact remains
that an overflow (such as the classic buffer overflow) is not only easy to
predict but it's also one of the _first things_ a decent QA team tests for.

While even the head of engineering said Apple's QA is atrocious in an
internal memo (which we've discussed in the past), it's _trivial_ to test
for buffer overflows.

They just didn't bother to test even this, the _simplest_ of expected tests.

> it should have been the first thing to test.
>
> for reference, 500,000 characters is roughly 1000 *pages* of
> single-spaced text, which would take nearly 17 continuous hours to
> type, assuming a sustained 100 wpm for the entire time, without any
> breaks for food, bathroom or anything else.

Again, you'll excuse every Apple flaw, where now you claim computers can't
add one repetitively to any buffer QA test (which is patently ridiculous).

What you fail to comprehend in your quest to defend even this huge Apple QA
flaw is the following accurate observation in the aforementioned reference:
"'*I believe this bug is being handled inappropriately*
as it poses a serious risk to users
and many months have passed without a comprehensive fix' Spiniolas said."

Re: Apple only fixes known security bugs when the shit hits the fan

<M-GdnbrMKa5O1338nZ2dnUU7-W_NnZ2d@giganews.com>

https://www.novabbs.com/computers/article-flat.php?id=13591&group=comp.sys.mac.system#13591

NNTP-Posting-Date: Thu, 13 Jan 2022 09:52:51 -0600
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:O309nFECNS/s0WOhB/SdHgufosY=
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Content-Type: text/plain; charset=UTF-8
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
From: ecpho...@allspamis.invalid (*Hemidactylus*)
References: <sroest$10aq$1@gioia.aioe.org>
<130120220959433603%nospam@nospam.invalid>
Message-ID: <M-GdnbrMKa5O1338nZ2dnUU7-W_NnZ2d@giganews.com>
Date: Thu, 13 Jan 2022 09:52:51 -0600
Lines: 23
 by: *Hemidactylus* - Thu, 13 Jan 2022 15:52 UTC

nospam <nospam@nospam.invalid> wrote:
> In article <sroest$10aq$1@gioia.aioe.org>, Andy Burnelli
> <spam@nospam.com> wrote:
>
>> Apple's sophomoric iOS QA team missed this bug since as far back as iOS 14
>
> right, because having homekit device names longer than 500,000
> characters is so incredibly common.
>
> how could that have possibly slipped through??
>
> it should have been the first thing to test.
>
> for reference, 500,000 characters is roughly 1000 *pages* of
> single-spaced text, which would take nearly 17 continuous hours to
> type, assuming a sustained 100 wpm for the entire time, without any
> breaks for food, bathroom or anything else.
>
Given his obsessive typing here I doubt Arlen would have any problem giving
his devices names longer than 500000 characters, hence his concern. If only
he spent more time naming his favorite devices and less time spamming the
group.

Re: Apple only fixes known security bugs when the shit hits the fan

<srpko7$oc4$1@gioia.aioe.org>

https://www.novabbs.com/computers/article-flat.php?id=13592&group=comp.sys.mac.system#13592

From: spa...@nospam.com (Andy Burnelli)
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Apple only fixes known security bugs when the shit hits the fan
Date: Thu, 13 Jan 2022 16:41:44 -0000 (UTC)
Organization: Aioe.org NNTP Server
Message-ID: <srpko7$oc4$1@gioia.aioe.org>
References: <sroest$10aq$1@gioia.aioe.org> <130120220959433603%nospam@nospam.invalid> <M-GdnbrMKa5O1338nZ2dnUU7-W_NnZ2d@giganews.com>
Injection-Info: gioia.aioe.org; logging-data="24964"; posting-host="3PLzD/rb74ta/CXxNcmbeA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Thu, 13 Jan 2022 16:41 UTC

On Thu, 13 Jan 2022 09:52:51 -0600, *Hemidactylus* wrote:

> Given his obsessive typing here I doubt Arlen would have any problem giving
> his devices names longer than 500000 characters, hence his concern. If only
> he spent more time naming his favorite devices and less time spamming the
> group.

Apologists can't deny facts so they attack the mere messenger of the facts?

What I find interesting is that all you ignorant apologists don't realize
that a computer can easily add 1 to anything (which should be obvious to all
developers and QA testers - but which is not obvious to Apple employees).
*The fact remains that it's trivial to test for buffer overflows.*

Also, I find it interesting that the ignorant apologists don't realize it's
trivial for a computer programmer to code a proper error when it happens.
*The fact remains that it's trivial to code an error on a buffer overflow.*

That the clearly sophomoric iOS developers did _not_ code properly is clear.
That the clearly incompetent iOS QA testers didn't test properly is obvious.

But what this thread is about is that Apple _knew_ about this bug since
August and Apple did absolutely nothing about it.

Apple doesn't care about the bugs until the shit hits the fan.
Only then does Apple fix even this, a very simple yet severe coding flaw.

Apple essentially _waited_ until the security researchers gave up.
*Apple only bothers to fix serious flaws _after_ the shit hits the fan.*
