Follow

I figured out the appleid.apple.com issue.

It sniffs your User-Agent.

If it says Linux, Bad Gateway error.

WHAT THE ACTUAL FUCK

IT WORKS WITH A WINDOWS UA

IT WORKS WITH A BSD UA

IT WORKS WITH A GOD DAMN OS/2 UA

NOT LINUX

WHAT IS WRONG WITH YOU

And it's specifically that too. If I delete "Linux" from the UA and resend the request, it succeeds. If I delete just the 'x' off the end, it succeeds. If I lowercase the 'L' it fails. They are deliberately blocking Linux users from managing their Apple ID if they have one.

Wait what?

If I remove the "X11; " from the OS section of the UA, it succeeds. So they're sniffing for "X11; Linux" case-insensitive.

Guess Apple hates X11.

@alexbuzzbee They know the year of the Linux desktop is soon(tm) so they must stop it at all costs

@alexbuzzbee how very strange. perhaps they ran one test, didn't like the result, and decided to just block 'the experience' altogether?

@alexbuzzbee let's keep in mind that this is the company that currently maintains Linux's printing subsystem

@zalandocalrissian @alexbuzzbee

> #Apple currently maintains
> Linux's printing subsystem

Very reassuring, indeed...

@Shamar @zalandocalrissian @alexbuzzbee Something I noticed when reading that: the file conversions incorporated into it are for us maintained separately. The ones maintained with CUPS are Mac OS-specific.

So far the core can still be compiled for Linux-based systems. But it is worrying.

@Shamar So that's why printing on Linux is just as good as MacOS. I never knew they were the same one, but I noticed that Mac/Linux support of printers is significantly less broken than on Windows.

@alexbuzzbee It may be for security purposes, since X11 lets any app sneak into each other

@espectalll @alexbuzzbee from that perspective, if your x11 is infected and they want to target this specific page, it is already possible to change the user agent. :shrug_akko:

@alexbuzzbee Maybe they balance the load based on UA (for UA-specific content) and one of the servers failed?

@alvarezp It’s also been suggested that an IPS is reacting badly to attacks with an X11; Linux UA.

@alexbuzzbee @alvarezp This is my thought, too -- some really, really shortsighted attempt at defense against some sort of attack.

That being said, I wonder how broad this "linux prevention" goes -- I've been using the wonderful, third-party site "playapplemusic.com" to use Apple Music on the web (since Apple doesn't provide a web interface, or even let you download the Apple Music app on ChromeOS), and it went down about a week ago, too.

@mdm @alexbuzzbee Yes. The problem is not so much that things fail, but how to make them aware. I wonder if they are not yet aware.

@alexbuzzbee @andreas I wonder if it came out of some incompatibility in the past or legal issue? It’s weird that they would block an entire os for no reason.

@alexbuzzbee maybe we should politely ask Apple about this? Assume it was a quick fix for something that's no longer needed and they forgot about it? I guess screaming at them in caps won't do any good...

@alexbuzzbee that’s odd, bc we have an iPad here at home and I have logged into iCloud from my laptop just last week to download photos with no problem (apart from that despicable service, which only allows you to download **one photo at a time**)... Or maybe this is a very recent thing.

@areppo iCloud works fine. It’s specifically appleid.apple.com.

@alexbuzzbee maybe they blocked that user-agent because of spam? definitely a bad look for an OS vendor though

@alexbuzzbee Even if that were remotely okay to do, which it obviously isn't, that's... not what a 502 means!

@jomo @alexbuzzbee yeah, I had too call them to cancel my old apple id. Such a pain.

@jomo @alexbuzzbee it actually looks for Linux AND X11, I would say perhaps due to security concerns

@espectalll @jomo @alexbuzzbee if your security relies on user agents...... what are people paying you thousands of dollars for again?

@grainloom @jomo @alexbuzzbee it's not that, it's that you need to trust the clients to do their job. Sure, none of them are warranted to be safe, but X11 is vulnerable BY DESIGN. Even Windows won't just let any program catch any desktop I/O without admin permissions

@grainloom @jomo @alexbuzzbee yes, it's VERY easy to sort around. Yes, it's relatively easy to also detect false flags. And YES, the error message isn't very informative. AND YES, it's very opinionated and paternalistic if true. But it's Apple we're talking, after all.

@jomo @alexbuzzbee Seems to be fixed now, though, however; or not? I get a "HTTP/1.1 200" for "Linux" and "X11" and "X11; Linux".

@agbo @jomo It’s known to work for some now, but try “(X11; Linux)”.

@alexbuzzbee @jomo
Apple:
:drake_dislike: increasing security of our services
:drake_like: just block Linux traffic coz they’re probably all hackers anyways

@alexbuzzbee "We know who our enemies aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaare." - Neutral Milk Hotel

@alexbuzzbee So... the website is refusing to work because people are on Linux?!

@alexbuzzbee Indeed, I can reproduce this behaviour. Strange.

@alexbuzzbee Maybe it's just a bug (i.e. a mistake, with no malicious intention). Like they used to do something specific for Linux, then got it broken somehow, and didn't notice yet.

@alexbuzzbee
Try to unsubscribe from your iCloud data plan when you have too much space in use. The website can only delete picture/video one by one. There is no selection...

@alexbuzzbee I tweeted at their support staff and the response was
"The browser and OS you're using is not officially supported. To access the Apple ID website along with other sites , please try using a compatible OS and browser as mentioned here: apple.co/24FVecn"

@alexbuzzbee
You even tried setting it to OS/2. Ha! I haven't even thought about that OS since the '90s.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.