Follow

I figured out the appleid.apple.com issue.

It sniffs your User-Agent.

If it says Linux, Bad Gateway error.

WHAT THE ACTUAL FUCK

IT WORKS WITH A WINDOWS UA

IT WORKS WITH A BSD UA

IT WORKS WITH A GOD DAMN OS/2 UA

NOT LINUX

WHAT IS WRONG WITH YOU

And it's specifically that too. If I delete "Linux" from the UA and resend the request, it succeeds. If I delete just the 'x' off the end, it succeeds. If I lowercase the 'L' it fails. They are deliberately blocking Linux users from managing their Apple ID if they have one.

Wait what?

If I remove the "X11; " from the OS section of the UA, it succeeds. So they're sniffing for "X11; Linux" case-insensitive.

Guess Apple hates X11.

@alexbuzzbee They know the year of the Linux desktop is soon(tm) so they must stop it at all costs

@alexbuzzbee how very strange. perhaps they ran one test, didn't like the result, and decided to just block 'the experience' altogether?

@alexbuzzbee let's keep in mind that this is the company that currently maintains Linux's printing subsystem

@zalandocalrissian @alexbuzzbee

> #Apple currently maintains
> Linux's printing subsystem

Very reassuring, indeed...

@Shamar @zalandocalrissian @alexbuzzbee Something I noticed when reading that: the file conversions incorporated into it are for us maintained separately. The ones maintained with CUPS are Mac OS-specific.

So far the core can still be compiled for Linux-based systems. But it is worrying.

@Shamar So that's why printing on Linux is just as good as MacOS. I never knew they were the same one, but I noticed that Mac/Linux support of printers is significantly less broken than on Windows.

@Shamar (Also I noticed the sarcasm, point stands.)

@alexbuzzbee Do you ever just really wish capitalism would stop fucking up software?

@typhlosion this is probably mood for you too.

@alexbuzzbee This sounds like an anti-competition lawsuit waiting to happen tbh.

Then again, with the FTC & FCC under the control of corporate CEOs atm, it probably wouldn't go anywhere even though it's as illegal as Microsoft's anti-competition practices that they were punished for in the 1990s & early 2000s.

@rick_777 @KitsuneAlicia @alexbuzzbee THAT'S WHAT WAS HAPPENING!!!

I ran into that this week trying to fix someone's new Mac, and could not figure out why it was failing only from my laptop. This is why I hate Apple.

@rick_777 @alexbuzzbee Even if they did and won, Apple would still only unblock it for the EU and the accounts would be region-locked so that someone in the USA couldn't use a proxy or anything.

I've seen it happen with the GDPR. The EU would get blazingly-fast sites while everyone here in the USA still has to deal with 90% of the bandwidth getting eaten up by trackers.

@rick_777 @alexbuzzbee The EU versions of many sites have ways to opt out of cookies and stuff. All we get here in the US is a notification that "by using this site, you agree to let us use cookies to personalize your experience" with no way to opt out.

@KitsuneAlicia
@rick_777 @alexbuzzbee
Sorry, but this is bureaucratic nonsense. The EU bureaucrats made this, in an effort to pretend "they care", but in reality to legislate every aspect of our lives (soon, they will make up laws for farting).
. . .
Very annoying, time consuming, and useless too. Who needs #cookies to track you these days?
And in any case, all major browsers have more user friendly ways to block cookies.
#bureaucracy
#Linux

@syntaktis @rick_777 @alexbuzzbee Nope. Try again. I didn't just mean cookies. I was mainly referring to all the tracking *scripts* that these corporate jerks use. *That's* where the biggest speedup comes from.

I witnessed it myself by loading a beta version of a site that didn't have any of the tracker scripts back when they were still trying to figure out how to navigate the GDPR.

@syntaktis @rick_777 @alexbuzzbee And blocking these things isn't the same as not even having them in the first place. Users should have the choice to opt IN to this shit, not out, and the option should be given in a clear & concise manner.

Currently, most sites only give that little popup modal at the bottom and give zero ways to decline. Some go further and block the entire site until you accept their trackers.

So like I said, try again.

@syntaktis @rick_777 @alexbuzzbee Oh, and just to be clear, the US version of the site was still bogged down with trackers and the EU version was only visible to us here in the USA via proxies.

I think it was a US-based news site like the New York Times or something. Not entirely sure.

@KitsuneAlicia
@rick_777 @alexbuzzbee
...and every time we visit a website we will come in a legal agreement with the publishers of this site.
That's ❗ exactly ❗the bureaucratic nonsense I'm talking about.
"Oh, please talk to my lawyer...", "I'll have to ask my accountant..."
People like these shit, because it makes them feel important.
But they mean nothing!
What will you do? Sue them? Who's making more money?
Your accountant, your lawyer, or you?
Not you?
How can you afford an accountant and a lawyer, then?
. . .
These are all piles of horseshit, that we have to navigate through, every day.
#bureaucracy
#Linux

@alexbuzzbee It may be for security purposes, since X11 lets any app sneak into each other

@espectalll @alexbuzzbee from that perspective, if your x11 is infected and they want to target this specific page, it is already possible to change the user agent. :shrug_akko:

@aetios @alexbuzzbee no, you can just make any program be a keylogger

@aetios @alexbuzzbee that's not compromising X11, it's literally by design

@alexbuzzbee what on earth are you doing in that god forsaken site anyway

@alextee My family uses Apple stuff and they've got a shared calendar in iCloud. I needed an app password for Thunderbird so I could get at it. Only way to generate one is to use that site.

@alexbuzzbee Maybe they balance the load based on UA (for UA-specific content) and one of the servers failed?

@alvarezp It’s also been suggested that an IPS is reacting badly to attacks with an X11; Linux UA.

@alexbuzzbee @alvarezp This is my thought, too -- some really, really shortsighted attempt at defense against some sort of attack.

That being said, I wonder how broad this "linux prevention" goes -- I've been using the wonderful, third-party site "playapplemusic.com" to use Apple Music on the web (since Apple doesn't provide a web interface, or even let you download the Apple Music app on ChromeOS), and it went down about a week ago, too.

@mdm @alexbuzzbee Yes. The problem is not so much that things fail, but how to make them aware. I wonder if they are not yet aware.

@alexbuzzbee @andreas I wonder if it came out of some incompatibility in the past or legal issue? It’s weird that they would block an entire os for no reason.

@alexbuzzbee maybe we should politely ask Apple about this? Assume it was a quick fix for something that's no longer needed and they forgot about it? I guess screaming at them in caps won't do any good...

@alexbuzzbee that’s odd, bc we have an iPad here at home and I have logged into iCloud from my laptop just last week to download photos with no problem (apart from that despicable service, which only allows you to download **one photo at a time**)... Or maybe this is a very recent thing.

@areppo iCloud works fine. It’s specifically appleid.apple.com.

@alexbuzzbee maybe they blocked that user-agent because of spam? definitely a bad look for an OS vendor though

@alexbuzzbee Even if that were remotely okay to do, which it obviously isn't, that's... not what a 502 means!

@jomo @alexbuzzbee yeah, I had too call them to cancel my old apple id. Such a pain.

@jomo @alexbuzzbee it actually looks for Linux AND X11, I would say perhaps due to security concerns

@espectalll @jomo @alexbuzzbee if your security relies on user agents...... what are people paying you thousands of dollars for again?

@grainloom @jomo @alexbuzzbee it's not that, it's that you need to trust the clients to do their job. Sure, none of them are warranted to be safe, but X11 is vulnerable BY DESIGN. Even Windows won't just let any program catch any desktop I/O without admin permissions

@grainloom @jomo @alexbuzzbee yes, it's VERY easy to sort around. Yes, it's relatively easy to also detect false flags. And YES, the error message isn't very informative. AND YES, it's very opinionated and paternalistic if true. But it's Apple we're talking, after all.

@jomo @alexbuzzbee Seems to be fixed now, though, however; or not? I get a "HTTP/1.1 200" for "Linux" and "X11" and "X11; Linux".

@agbo @jomo It’s known to work for some now, but try “(X11; Linux)”.

@alexbuzzbee @jomo
Apple:
:drake_dislike: increasing security of our services
:drake_like: just block Linux traffic coz they’re probably all hackers anyways

Sign in to participate in the conversation
Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.