Linux Users Are Unable To Manage Their Apple ID on Applecom

For some reason, Apple's website where you can manage your Apple ID (appleid.apple.com) is blocking users of Linux browsers from accessing it. From a report: Having access to the website is important to manage things such as payment information, two-factor authentication, and other account details. Even though the number of Linux users accessing the website must be relatively small compared to other operating systems, some iPhone users who use Linux on the desktop noticed the issue. This behavior was first explained by user Alexander Martin on Mastodon. He discovered that when the browser reports itself as being a Linux browser, Apple's website will block the access by throwing a "Bad Gateway" error.

But not Android

[Anonymous Coward]

If the user-agent contains both Linux and Android, it's allowed.

Sounds more like some intern fucked up.

Re:

[Cito]

I was gonna ask or suggest trying the user-agent switcher plugin for Firefox and if it'd work.

I know I use that plugin for Firefox on my android tablet set for Linux desktop to avoid mobile themed redirected sites since they don't look good on a large tablet screen.

But last and only apple device I ever owned was an iPod touch 3rd generation.

Re:But not Android

[jythie]

Yeah.. I suspect some horrible mess of nested if-then-else clauses with some fall throughs or cases with errors in them.

Re:

[BringsApples]

In the end, this will probably affect 25 people. Making sure things work with Linux is probably a job given to interns.

Re:But not Android

[Anonymous Coward]

In the end, this will probably affect 25 people. Making sure things work with Linux is probably a job given to interns.

This statement demonstrates the kind of utter ignorance that is the source of such problems.

Nothing is needed for any web site to "work with Linux" -- the problem is that such sites arbitrarily reject web browsers with user agent data that claims the OS is Linux. If you run Linux and change your web browser's user agent info to spoof OSX, then the site suddenly works on that browser.

I would bet that this affects a lot more than 25 people, as not only are there plenty of Linux users with Iphones, but there also must be one or two savvy Windows and OSX users who employ user agent obfuscating plug-ins on their web browsers.

Re:

[infolation]

Bear in mind we're talking about Apple, the company that maintains [cups.org] Linux's printing subsystem. [ubuntu.com]

Re:

[smpoole7]

> I would bet that this affects a lot more than 25 people

My wife is one of them. She runs Fedora on her Dell laptop and the browser just would not work with Apple's support Website.

Re:But not Android

[Albanach]

Fortune.com [fortune.com] reported over 700 million iPhones in use in 2017 with an expected billion within a few years.

If only a tenth of one percent of those iPhones were owned by someone who uses Linux on their desktop. you have a million folk impacted.

Sure, Linux is a niche, but when you're the size of Apple, even small percentages quickly become big numbers. Let's be conservative ans say just 20% of Linux users buy their iPhone new - that still points to 140 million in revenue, not including any app store sales.

Re:

[BringsApples]

I run only Linux at home. I have an iPhone. I don't go to appleid.apple.com. I manage my apple ID on my phone. I think a lot of folks do this. I said 25 users will be affected, but maybe it's actually less.

Re:

[MessageDrivenBean]

One here. Let's start counting by replying to your post.

Re:

[BringsApples]

Ha, great idea. ok, 1. Anyone others?

Honestly I feel like Linux users already have dealt with shit for so many years that we're all quite thick-skinned when it comes to things not working smoothly. And when there's some shit situation where things don't work, a typical Linux user will simply carry on in another way.

Re:

[paulatz]

So when your iPhone get stolen, how do you manage to lock it remotely?

Re:

[Chris Hodges]

It cost me several hours last time I worked from home. Have you had >25 replies from people affected yet?

I tried things like brand new FF profiles but couldn't work out why a server-side error would be caused by my browser. In desperation fired up my chromebook. Tweaking a mac-users slides in keynote online is no fun on a 10" screen.

Re:

[infolation]

Alexander Martin, the fosstodon.org person who discovered the issue writes:

It sniffs your User-Agent.
If it says Linux, Bad Gateway error.
IT WORKS WITH A WINDOWS UA
IT WORKS WITH A BSD UA
IT WORKS WITH ... OS/2 UA

Apple and free don't mix well

[kiviQr]

...if you don't have $$$ then they do not want you.

Re:

[Anonymous Coward]

Tell that to the cloud install that my business has. Right now, I'm paying the VPS for machine costs, and all my CM stuff is handled by Ansible playbooks. Total license cost? Zero. Were I to do the same in Windows, I would need at least 20 copies of Windows Server 2019 Data Center Edition, SCCM, a full volume license, and a metric ton of CALs. I then would need to throw in the time and effort to have patching done by SCCM, SCUP entries so third party stuff gets patched, AV software, and so on. Then, I

Re:

[AmiMoJo]

More likely it's an attempt to block attackers trying to get around 2 factor auth. The attackers trick the user into providing their 2 factor code and then do the actual login from a Linux server somewhere, so Apple's rather blunt but effective block is to return a bad gateway error for Linux clients.

Re:

[Highdude702]

Has nothing to do with apple, he's just a know nothing know it all.

Re:

[JackieBrown]

That doesn't make sense at all. Do you have an example of this - and that it only works using Linux servers?

Re:

[AmiMoJo]

It's a pretty common first line of defence. If you notice that all the attacks are coming from a browser that lists the OS as Linux in the HTTP request, and 0.0001% of legitimate requests come from Linux users who presumably also have an iDevice anyway... Just send a fake error message.

It actually works reasonably well against script kiddie types using cheap VPS systems, at least for a while as you get your other defences in place.

Re:

[aardvarkjoe]

...so Apple's rather blunt but effective block is to return a bad gateway error for Linux clients.

Yeah, "effective". Unless your attacker uses a common operating system instead of an unusual one. Or can figure out how to change their user agent string.

That explanation isn't the least bit plausible.

Re:

[infolation]

Never attribute to malice that which is adequately explained by stupidity.

Re: Apple and free don't mix well

[KendyForTheState]

Sounds like yet another good reason to dump Apple, as if you really needed it.

Is it malice...

[IWantMoreSpamPlease]

or incompetence (on Apple's part)

Re:

[Anonymous Coward]

I think there is enough evidence to conclude is Apple's incompetence. Macbook Pro i9 throttling? keyboard broken by dust in the endless search of ultrathing laptops? audio glitches when syncing time? root access login with an empty password?

Getting rid of audio jack? yeah, that's malice. Everything else I'd take as just plain incompetence.

Re:

[alvinrod]

Maybe they're just trying to spare Linux users from their awful software. Everyone knew that iTunes used to suck horribly on Windows, but it's become a giant flaming pile of shit on Macs now as well. Hopefully Apple will extend this blocking to users of other operating systems so that everyone is spared the misfortune of using that wretched mess.

Re:

[ctilsie242]

Maybe Apple should just throw in the towel and support PTP/MTP like every Android phone since antediluvian days? Apple supports PTP/MTP on iOS, but Macs don't support it.

That way, iTunes can be chucked completely as a "one size fits all app", and replaced by an app for DFU iOS firmware installs, and an app for music management/store.

Re:

[fermion]

Apple overemgineers thie site and it makes no sense. They are one of the few companies that still, for instance, forces you to use an App instead of their site,

In this case it is likely a badly implemented design decision.

Re:

[zdzichu]

Seriously? Deriding Linux users _on Slashdot_?

Re:

[zdzichu]

I believe majority of Slashdot users are Linux users. And some of them may even used Apple devices.

Re: Is this a big problem?

[gnasher719]

They certainly have it coming! The biggest assholes in tech, by far. There are a few decent ones not totally consumed by zealotry, but the rest need to get fucked.

Im not sure if you are trying to insult all Linux users here. Or all Apple users. Or is it the Android users? Or Microsoft users? No, I know what it is. You are the last living Amiga user and you try to insult everyone laughing about you.

Re:

[bigdavex]

I'm not deriding Linux users. I use Linux exclusively on my personal laptop. It's that the intersection of Linux and people who care about Apple ID and don't have access to alternative way to use it that seems pretty small.

Re:

[krray]

Um ... there's four of us.

Change useragent...

[Anonymous Coward]

... problem solved. That doesn't mean the web is well designed, but better than actually being unable to do anything with it... is to change the useragent in the browser of your choice.

Server to server access

[Dan East]

More than likely it's an overbroad method of filtering to block requests to that page from servers.

Re:

[mccalli]

That's what I thought too, although another possibility is that several JS frameworks compile for only specific browser targets. It's possible they have just omitted the target.

Get a Mac

[Anonymous Coward]

It just works.

Re:

[fbobraga]

You will pay the overprice?

Works on FreeBSD

[ottdmk]

Weirdly enough, it works with the useragent set to FreeBSD (which, on my FreeBSD 12.0-RELEASE box, it is by default.) I'm used to websites working oddly with that useragent; this is the first time I've encountered the FreeBSD useragent being an improvement over a Linux one.

Re:

[Nerdrockor]

I was wondering about this, because Darwin the basis for Mac OSX is built on BSD.

DDOS mitigation

[Anonymous Coward]

I'd guess it's a side effect of DDOS mitigation, blocking incoming requests that probably aren't legitimate (the intersection of Apple and Linux users has got to be astronomically tiny), significantly more likely those requests are coming from an attacking botnet.

Re:

[quenda]

Ditto for Ubuntu & Chrome.

Fixed?

Deceptive headline

[OneHundredAndTen]

Unable? As in they are so stupid that they can't figure it out, or are they explicitly banned by Apple from doing it? It is of course the latter but, would it have killed you to come up with a less biased headline?

Seems to be fixed

[hawky]

I just tried and it is working fine, yesterday I was getting the error.

Linux Users Are Unable To Manage Their Apple ID

[buddyglass]

All three of them?

Re:

[CronoCloud]

http://localhost:631/ [localhost]
CUPS 2.2.8

CUPS is the standards-based, open source printing system developed by Apple Inc. for macOS® and other UNIX®-like operating systems.
CUPS and the CUPS logo are trademarks of Apple Inc. Copyright © 2007-2017 Apple Inc. All rights reserved.

This is on a machine running Fedora 29.

Works for me

[0ryn]

I just logged in ok using Debian / Firefox.
I guess they fixed the issue??

Headline should say "were maybe not able to"

[thecombatwombat]

I just got in fine with Firefox on Fedora 29 and I'm not spoofing the user agent or anything.

It seems this was fixed within a few hours at most of the source article going up, and it's not clear exactly what user agent string got the error, or for how long, or even if that was definitely the thing that broke it. This is nothing.

Throwing versus making

[JustAnotherOldGuy]

"He discovered that when the browser reports itself as being a Linux browser, Apple's website will block the access by throwing a 'Bad Gateway' error."

That sounds more like Apple pretending there's an error, since a 'Bad Gateway' isn't normally something that a browser could cause (unless you have a really, really shit site).

Something similar happens on Hotmail when you go there with some browsers, the page will refuse to display and chokes up an error. Tell me how browser "A" requesting a page is materiall