{"id":34158,"date":"2021-11-15T15:35:41","date_gmt":"2021-11-15T20:35:41","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=34158"},"modified":"2021-11-16T14:16:23","modified_gmt":"2021-11-16T19:16:23","slug":"apple-software-quality-in-2021","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/11\/15\/apple-software-quality-in-2021\/","title":{"rendered":"Apple Software Quality in 2021"},"content":{"rendered":"

Dan Moren<\/a> (Hacker News<\/a>):<\/p>\n

But one challenge with continually moving the state of the art forward is that sometimes it comes at the expense of making sure the technology that’s already here works as well as it can. After all, if you have to add a dozen new features in a year, that could mean taking away from work enhancing reliability, and squashing bugs in existing features.<\/p>\n

We’ve all encountered a slew of problems—some simple (if ridiculous) to fix, others are maddeningly difficult to troubleshoot. As our devices get more and more complex, it’s all too easy for some of those problems to persist for years. And though the best part of the Apple experience has long been “it just works,” the question is…what happens when it doesn’t?<\/p><\/blockquote>\n

I think Monterey is probably the best update since High Sierra in terms of not introducing too<\/em> many new problems. On net, I think it fixed more significant bugs than it added. However, in total, Monterey still feels more buggy than Mojave or earlier, and the goal should be to get to much better than Mojave: more like El Capitan or Snow Leopard.<\/p>\n\n

The yearly release cycle continues to be a problem. On the developer side, a quarter of the year is spent dealing with potential breakage (made more real by public betas) and another quarter or more with actual breakage. On the customer side, there aren’t enough months for Apple to polish one release before moving on to the next. Even security updates aren’t getting enough attention now.<\/p>\n\n

Andrew Cunningham<\/a> (Hacker News<\/a>):<\/p>\n

News is making the rounds today, both via a write-up in Vice<\/a> and a post from Google’s Threat Analysis Group<\/a>, of a privilege escalation bug in macOS Catalina that was being used by “a well-resourced” and “likely state-backed” group to target visitors to pro-democracy websites in Hong Kong. According to Google’s Erye Hernandez, the vulnerability (labeled CVE-2021-30869<\/a>) was reported to Apple in late August of 2021 and patched in macOS Catalina security update 2021-006<\/a> on September 23. Both of those posts have more information on the implications of this exploit—it hasn’t been confirmed, but it certainly appears to be yet another front in China’s effort to crack down on civil liberties in Hong Kong<\/a>—but for our purposes, let’s focus on how Apple keeps its operating systems up to date, because that has even wider implications.<\/p>

On the surface, this incident is a relatively unremarkable example of security updates working as they ought to. Vulnerability is discovered in the wild, vulnerability is reported to the company that is responsible for the software, and vulnerability is patched, all in the space of about a month. The problem, as noted by Intego chief security analyst Joshua Long<\/a>, is that the exact same CVE was patched in macOS Big Sur version 11.2<\/a>, released all the way back on February 1, 2021. That’s a 234-day gap, despite the fact that Apple was and is still actively updating both versions of macOS.<\/p><\/blockquote>\n\n

Previously:<\/p>\n