Re: Why
Because it was a programming bug.
strcpy(stored_hint, typed_password) and NOT like it should have been:
strcpy(stored_hint, typed_hint)
Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software. Matheus Mariano, a developer with Brazil-based Leet Tech, documented the APFS flaw in a blog post a week ago, and it has since been reproduced by another programmer, …
Probably no-one at Apple noticed because they're all still using the command line instead of Disk Utility for everyday volume maintenance, and the bug isn't present in the command line version. Everyone uses command line diskutil because several versions ago (I think in El Capitan) Disk Utility lost essential functionality. If, for example, you wanted to set up software RAID (e.g. mirrorring) you suddenly had to use the command line. If you've been routinely doing that for two years or more and you're a developer, of course you're going to continue instead of learning High Sierra's new Disk Utility.
The real disgrace is that El Capitan ever got out the door with that neutered Disk Utility. Lots of people in the creative industries - photographers, video editors, animators etc. - had a need for and used RAID, especially with the popular cheesegrater towers. To expect those kinds of people to use the command line was absurd.
So this isn't just a matter of poor QA on High Sierra - although it is that - but poor software development plans as set out by senior management. It was a conscious decision that power users, including Apple's own developers, would not be "eating their own dog food".
I knew I couldn't be the only one mad at this change. I actually held off upgrading to El Capitan because of it. Ended up jumping from Yosemite to Sierra on April because APFS was actually piquing my interest. I didn't really expect it to be released with these kind of bugs, though.
I used to enjoy new updates - they brought great new pro features - I remember putting snow leopard on and getting so much better performance on CPU tasks, GPU tasks, etc. It was what you EXPECT from mac os upgrades - making everything better by taking advantage of the tight HW integration and leveraging real time GPU encoding/decoding, etc, etc.
Since then it's been downhill - adding useless shite every year that I have to disable (launchpad, game centre, notifications, flat icon bollocks, daemon services for facebook, icloud and various other crap I have no intention of every using)
My approach is now to not upgrade the OS version AT ALL (security patches aside) , until one of my key program's updates has some killer features that I need - and is tied to a more recent OSX version. Even then it pains me to have to, as 9x out of 10 there's no technical reason for the restriction.
So I only moved to El Capitan late this year when FCPX and a few other apps wouldn't install updates on Yosemite, and I decided it was worth the hassle. Sierra was out, but I saw no point in moving more than I needed to.
Queue 1/2 a day of updating all the low level utils that then break once El Capitan on, and disabling various pieces of crap I have no interest in (social media shite up the wazoo for example), disabling SIP cause like... I'm a big boy... if I want to use XtraFinder because after 17 years your shite Finder still doesn't allow proper cut and paste,and right click to create a text file where I want to, I'll fecking well do it.
Sierra continued this approach by offering nothing new other than trying to make my mac look and work like an iphone. And having never had any issues at all with AFS, I've no desire for high sierra either frankly.
This is how I feel about pretty much all mainstream OS nowadays.
I don't want 'more stuff' I have all that or can add it later as I need it. I just want the OS to be faster, leaner and more secure.
I have no need for dozens of apps and features I have no use for, cannot properly uninstall and just add to the attack surface and are the reason for masses of more unnecessary updates.
What feature would I like the most? Thanks for asking, I'd like a modern robust file system that can transfer thousands of small 10Kb files at the same rate as it can a 10GB video file instead of crawling to a near halt over my 3500MBps NVME storage hardware. That will be a start. I'll never get it though, I guess I'll have to make do with some 3D kids party planner app instead.
Fair play Apple, making sure it "just works" for everyone. Including those who want your encrypted data when you're not around.
Here, have a pint. Yes it's warm. Yes there's no head. Yes there is faint wiff of piss from it. Yes we're aware of the issue, but we'll sort it out after you drink this pint first.
This smacks of a developer deliberately storing the password in the hint field on purpose, so that he (or she) can test it as she (or he) goes along and not worry have to worry about remembering the password.
The intention would have been to remove that bit before committing it, but (s)he forgot, and nobody noticed it in the pull request.
2017 in review:
Microsoft: Hey, we didn't validate our update before rolling it out - top that!
Google: That's nothing - we released the latest version of our mobile OS with a bug that eats all your data - top that!
Apple: Hold my beer...
And... because High Sierra is now available, you can no longer upgrade to regular old Sierra, unless you previously installed it, because, oh right there's no reason.
Since a lot of my apps now (finally) work with Sierra but are officially listed as not working with High Sierra, I'm kinda stuck where I am.
An alternative suggestion as to the source however: when one uses Apple's interface builder, one task is to connect outlets to graphical elements, e.g. you know there's an NSTextField that the user will type a password into so you declare an NSTextField property and then you switch to the interface builder where you have laid out the dialogue and you wire the property to the control — literally drag a connection from the one to the other. Then in code you access the text field's contents via the outlet.
A drag and drop error that connected both the 'hint' and 'password' outlets to the password text field would then result in the password being recorded as both, even though the code says 'self.password' for one and 'self.hint' for the other. And the wiring is all within the undocumented XML format used for interface layouts, so good luck getting a meaningful code review on that.
Given the whole purpose and importance of a password hint, it's mind boggling that nobody tested the feature.