Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why did your team deem it appropriate to mess with core system components like /var?


Especially since the OS will prevent the attempt from succeeding on most Mac installations. Presumably it is a sloppy mistake, but one in an attempt to do … something … that is probably nefarious.


I suppose that's how it happened; some code to tamper with `/var` was accidentally (most likely - I doubt this was intentional/malicious) added into the update script. When this was tested and run through QA, everything looked OK because everyone is running Mac OS with SIP enabled

Makes me wonder if other software might be attempting to damage the system (totally by mistake) but SIP is preventing it, making it quite deadly to use said good software if you happen to turn off SIP for stuff like debugging


What's the bet Google disclaim any and all liability for this? eg the time taken to fix this, loss of income, etc.

Seems an awful lot of work related computers (eg Avid systems, and more) have been rendered inoperatable until someone manually boots and fixes each one.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: