A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password.
To trigger this bug all you had to do was go into the control panel, click the padlock to unlock the sensitive settings, change the username to root, enter no password, then hit enter. At this point the authentication would fail, but the root account would have been made active. Hit enter again, and root with a blank password would be accepted as valid. At this point you could do anything in the control panel, no matter how restricted your account was in theory, and you could get full terminal access as root.
Listener (and good friend) Rally brings us our Dumb Question this week:
When MacOS High Sierra is installed, the photo and video formats are changed to HEIF and HEVF, respectively. I presume that means that the Photos library on the Mac is updated to this new format for all the pictures in the local library.
Is the iCloud Photos library also updated? If not, what happens when new HEIF photos are uploaded to the library?
I also have about 50 Photos libraries from our travels on my NAS device (i.e., they are not the system Photos library). How would they be managed under High Sierra when I use them in my videos?
One of my frustrations in life is that I can spot a typo in someone else’s work from a mile away, but I simply cannot see my own mistakes. Seriously, a printed page on the other side of a desk facing upside down to me is a cake walk to catch mistakes, but in what I can only assume is a built-in delusion about my own writing talents, I simply cannot see where I’ve botched something up.
I run spell checkers, I have Steve read my blog posts before they go up, sometimes I trick Steven Goetz into reading things for me, and I have early warning systems in place like Roger Nash from England who gets up before anyone else and tells me about my errors.
But still, these errors leak through. When we’re lucky, I’ll be reading a post for the podcast and I see a mistake and stop and fix it. But those blog posts have been up for days with those mistakes. It drives me nuts.
This week in our Google Plus group (podfeet.com/googleplus) Sandy Foster asked a dumb question, which, as is usually the case, is not a dumb question at all. The story takes some winding paths, but I assure you that there’s a solution at the end of this story.
Her problem to be solved was that a friend of hers had a non-commercial DVD which she had the rights to copy. Sandy volunteered to make duplicates for her friend because she knew it would be an easy task on a Mac. She spent two hours on the phone with AppleCare with both an advisor and then a senior advisor, neither of whom helped her figure out how to do this.
By now, if you’re at all interested in Apple products, or even if you’re not, you’ve been inundated by information about the new toys they announced. I found it interesting to be on the elliptical at the gym on Wednesday morning and I could see all of the TVs that had any kind of news or financial shows playing were talking about Apple.
I don’t want to do a rundown of what Apple announced, but I did want to make some observations. Steve and I really enjoyed watching the event with a lot of NosillaCastaways in the live chat room. It was early enough in the day that our more Eastern friends were able to join in, like skamar from Greece. I love how international our audience is. Getting perspective from Bart in Ireland and Steven in Canada and Terry from Holland and Rose from Australia is great.
This week our guest is Bart Busschots, but this isn’t a heavy lifting episode. Instead Bart’s going to tell us about three apps he’s just acquired on the advice of the NosillaCastaways and about which he’s really excited. He’s going to write blog posts about them soon, so keep an eye on this post to see the links to them. He’s going to tell us about Yoink for the Mac, and MultiTimer and Due for iOS.
David Ginsburg of the In Touch with iOS podcast sent in a recording describing the unusual problem he had where Apple shipped him with an operating system actually newer than the one you can download. I’ve started a series called Tiny Tips, and the first one is why you should create a folder called Delete Me. I’ve got part 2 of my Affinity Photo for iPad review/walk through and then we’ve got Security Bits with Bart Busschots.
This week our guest on Chit Chat Across the Pond Lite is Peter Wells, who writes for the Sydney Morning Herald – and is a semi-regular guest on DTNS. Peter was asked to attend WWDC by Apple and in that capacity had amazing access to Apple engineers to ask the right questions. We talked about the new iMac screen (1 BILLION colors) and whether you can tell the difference, whether Kaby Lake processors matter in desktops, where the speed of the new SSDs might matter, and about VR/AR and graphics cards. He gives us his views on the new 10.5″ iPad Pro and whether it’s worth double the price of the iPad nothing. Peter is very bullish on iOS 11 and how it will affect the iPad market.
You can follow Peter on Twitter @peterwells and here are links to Peter’s recent articles in the Sydney Morning Herald about WWDC:
Something appears to be fishy with Apple’s databases, based on my story of how someone else’s credit card got into my account. Mark Pouley of Twin Lakes Images gives a great review of the Easy Pill medication tracker and reminder for iOS. I’ll tell you why I think doing a clean install of your OS from time to time and not using Migration Assistant is a good idea, but I’ll follow that up with all the little fiddly bits I’ve had to modify to get things running again. Bart Busschots is back with Security Bits where he gives us an update on the security of the Internet of Things and more information that’s been coming out, along with all of the rest of this week’s security news.