Update: Apple has released an update that fixes this bug. If you’re using OS X High Sierra you should update. If you’re not, keep reading because setting your root password is a good thing to do anyway.

What happened

Apple has a major security bug in the latest version of MacOS that allows anybody to get full admin (root) access without a password. As a result, people are a little peeved about it:

What to do about it

You can fix this even if you’re not using the latest version by setting your root password. First, open a Terminal window and enter this command:


sudo passwd -u root

This will ask you for your password, and then ask you to enter and confirm your new root password. Note: You don’t see what you’re typing or any asterisks when you enter passwords in the Terminal. Just relax and make sure you enter the password correctly:


Password:
Changing password for root.
New password:
Retype new password:

Finally, make sure to use a password that isn’t the same as your user account, and that’s either stored securely (I like LastPass) or is easy to remember but hard to guess.

If you aren’t an admin user you’ll see an error message like this:


USERNAME is not in the sudoers file. This incident will be reported.

Don’t freak out because the “reporting” is just making a note in a local file. (Or is it…) You won’t be able to fix this, but somebody who uses your computer must have an admin account, so ask them and they’ll be able to fix it. Or you can use the instructions on Apple’s site.

I expect Apple should have a fix for this soon, because it’s really bad.

I telecommute from a rural town and have one ISP to choose from. If you repeal net neutrality there will be nothing stopping them from blocking specific content, and to do that they’ll have to block VPNs as well. This is because VPNs would allow users to work around the content restrictions. Without the ability to VPN into my office I will not be able to work remotely, which would place a sever burden on my family as my home office is over two hours away and I would have to spend money commuting. I would also be away from my family much more.

My wife also owns a retail store with an online presence. Blocking access to customers would severely reduce her sales. Our margins are low, considering she sells used sporting goods, so she needs access to customers in order to stay profitable. Without this there’s a chance our small town will lose another business.

Please, we are small business owners and hard working tax payers. We need a free and open Internet to at least try for the American dream.