Slashdot Mirror

As mentioned, Little Snitch works well on a Mac. The last time I used iOS, I used Firewall iP. It required a jailbroken phone and I don't know if it's still maintained.

I've never found an interactive egress firewall for Linux or Android, which always surprised me.

At some point, hacker ideals can become very profitable. Cydia started as an alternative to the App Store and some estimates place revenues now as high as $10 million a year. More power to these guys!

Number of programs/apps I can run on an iDevice outside of the official app store:

More than Zero.

Not to mention development and enterprise apps that are also never seen by Apple.

In all seriousness, what I want the iPhone to do that Android does is be able to control the hardware from a quick access screen - ie, turn the wifi or bluetooth on and off quickly without having to use the main settings app.

evasi0n jailbreak + SBSettings would fit that bill. Even works from the lockscreen.

There is nothing to fund here. iOS can operate without the provisioning file model. That's how cydia works. Any iPhone owner who wants to can enable loading software without provisioning files.

As for security: Android, Linux (in general), Windows and OS X aren't remotely as secure as iOS. iOS is more on par with something like OpenBSD, EnGarde Secure Linux or NSS Windows 7. Customers seem to be extremely enthusiastic about the enhanced security. They seem to love being on a system that is immune to viruses unless the end user deliberately disables security features.

Now you mention something about funding. To the best of my knowledge there are no permissions based systems that are as secure as capability systems. So yeah Apple has insane amounts of cash, but you are talking theoretical computer science here. We have no idea what it would cost to deliver iOS security without the provisioning system.

Third, users should ultimately be the ones choosing between security vs. functionality... not the vendor. The device is owned by the user, not the vendor.

Apple agrees with you. What they don't want to create is a situation where users are pressured into reduced security by developers. Users who are knowledgeable enough to make those choices can do whatever they want. If you know enough to make those choices then you know enough to create your own provisioning files for your device. They know how to bypass the security mechanisms and push stuff through from the command line on their mac. And similarly for the naive who have friends with developer licenses their friends can create a provisioning file.

If they have a friends / business that's willing to fully support them they can register with a different set of servers using the Enterprise SDK. Apple doesn't make it impossible or even very difficult.

The problem that most people have is that Apple customers really like Apple's strict management and aren't willing to opt out of the security features. But that is the users making a choice.

seeing how simple it is to set up the Android qemu/kvm based SDK in a virtual machine on Linux, I don't know if that itch is really very scratchy.

BlueStacks got over $10m funding, so some people think it's a good idea. It should be really easy to do, too - all the source required is open and already runs on Linux/Android, it just needs porting to Linux/desktop.

please tell us more about this debian chroot solution.

http://www.mayrhofer.eu.org/debian-on-android http://www.saurik.com/id/10

I suppose that's why it's awesome that iOS is open-source

Actually it is (check out Darwin sometime).

and a thriving community has grown up around modifying the sources to leave out bullshit like CarrierIQ

Unlike Andorid the shell of a CarrierIQ system that shipped with iOS was never enabled, and did not contain a key-logger or any of the other items that made CarrierIQ objectionable to start with. The hint that remained was removed in iOS5.

But my all means bring up CarrierIQ again and remind the world that Android is shipping with active key-loggers in many phones.

Let me know how those custom iOS roms are working out.

Actually, pretty well.

iOS is far easier for the technical user to customize and hack than Android thanks to the use of Objective-C in applications.

When you stop and think about it it's pretty dumb to have to install a custom ROM when you can just have system tweaks do whatever sets of modifications to the system you are really after. It means you can much more easily track official OS updates.

If you think OSX is unix, you never used unix.

Well I've extensively used and programmed on various flavors of Linux, AIX, HPUX, and BSD... that's besides the HP/MPE and VMS systems (which of course are not UNIX but broaden the mind) but if you think somehow I need more experience please list what I am missing. Frankly I am thinking you probably have way to narrow a definition of UNIX.

Go ahead and use it, you will find many many things changed to accomodate the single (active) user nature of OSX.

Yes, many things are changed, which is the reason I started using OS X day to day instead of Linux.

Really? Where is the cli on the iPhone? On the iPad? On the iPod?

Just as far away as it is on many other UNIX systems... APT.

Although CLI comes automatically with jailbreaking.

If you really knew and deeply understood UNIX you wouldn't freak out about a CLI not shipping on a system by default. It's just another user process...

I guess that Apple would never accept a similar App for the iPhone - it might disturb the user experience.

That's true, but there's one available in Cydia for jailbroken phones. Called Firewall IP, it works pretty well.

"Because you can't choose not to use it."
http://cydia.saurik.com/

Right, so you root your iPhone and then you get iPhone malware.

People keep talking about walled garden etc. I don't know if anybody has ever heard about this method I use: It's called "don't run binaries from untrustworthy places" and it's been working pretty well for about as long as I can remember.

"Because you can't choose not to use it."
http://cydia.saurik.com/

100% big enough for you?

The App Store is not 100% of apps sold.

They are the sole marketplace for i-apps.

No they aren't. There are something north of three to four million jailbroken phones at this point, all of which can use the Cydia store. And the jailbreaking tools are so easy anyone who cares to can use them.

The ONLY reason apple's app bannings are news is because they assert 100% control

Since they don't I guess there is another reason. It appears it's the Apple Hating Fever.

Hold on a second.....

You are stating that because a jailbroken iPhone can use a 3rd party store this is all Apple Hating?

How about the fact that you MUST jailbreak your iPhone to use it with a 3rd party store?

Ok, how about the fact that iPhone Jailbreaking Could Crash Cellphone Towers, Apple Claims.

Sorry, just trying to point out a problem with logic.

Wait, but you can use a 3rd party store...but you have to jailbreak your phone, which is bad......

100% big enough for you?

The App Store is not 100% of apps sold.

They are the sole marketplace for i-apps.

No they aren't. There are something north of three to four million jailbroken phones at this point, all of which can use the Cydia store. And the jailbreaking tools are so easy anyone who cares to can use them.

The ONLY reason apple's app bannings are news is because they assert 100% control

Since they don't I guess there is another reason. It appears it's the Apple Hating Fever.

That guy is complaining about the lack of a non-jailbreak common area, and non-jailbreak accessible file manager. iOS supports these things just fine. You can jailbreak your own iOS device and find out, or you can read one of the zillions of posts about people sshing to their iOS device.

The command line is fully accessible (once you jailbreak) from the device itself using MobileTerminal. Unfortunately that project hasn't been updated for the iPad yet, so in that case you need to use an SSH app to SSH to localhost. Works great.

If by user-level file manager you mean a pretty GUI, you can use something like iFile or Mobile Finder. Note that Linux doesn't have a pretty "built in" GUI file management system either - you have to install X and a window manager for that.

I think you're kidding yourself. Apple doesn't want to have to deal with large numbers jailbreakers. Their actions aren't consistent with a company that actually cares whether a few people jailbreak their devices or not. I have personally returned a jailbroken and non-functional iPod touch for a replacement. If Apple really wanted to discourage jailbreakers they wouldn't replace devices that were clearly jailbroken.

"Second, if it doesn't exist in the UI, for all intents and purposes, it doesn't exist. The UI controls what average users can do."

Yes, we're back to you wanting a pretty GUI. That's fine, but it's not a comment on the "robustness" of the operating system. Linux is a good, robust operating system and doesn't have a pretty GUI, although you can add one if you want.

As the article states, Jonathan Zdziarski has been doing this for several years. He's the author of iErase/iWipe (which seems to have been in the App Store previously but is Cydia-only now), runs iPhoneInsecurity.com, and has a blog with quite of bit of stuff related to iPhone forensics and security. He even has a post specifically addressing the "screenshot leak".

The Cydia App Store has also been around for a while, serving the jailbroken iPhone market. Of course there is not a huge number of apps on it, but there are also lots of free apps in the Cydia repository.

Yeah, but Cydia is only for users that can handle the truth. Not everyone can bear that burden.

The Cydia App Store has also been around for a while, serving the jailbroken iPhone market. Of course there is not a huge number of apps on it, but there are also lots of free apps in the Cydia repository.

You're not informed.

http://cydia.saurik.com/package/mobileterminal

If the Android Market business model does not suit your needs, you can go to a third party marketplace. You can find one that has the tradeoff of security and flexibility that matches your own. You can't do that with Apple.

Of course not. Everybody knows there are ZERO iOS apps available outside of the App Store.

Who are you kidding, fucktard?

I may have this wrong -- I'm not an iPhone owner -- but I was under the impression that the only way to get apps (real apps, not browser-based apps)

Why are those not real apps? They can use location services, the accelerometer, and many other phone features to give you the same kinds of data "real" apps can. There are a number of "real" apps that could easily be done as web apps - of course then Apple would not be paying anyone to have them downloaded, and users looking for applications would not find them in the App Store. Apple however also has a "Web App Store" of sorts.

on the iPhone was to get them from iTunes. Only if you jailbreak your phone (which Apple says is illegal)M

Hold it right there. What Apple says and what is reality are two different things. Apple may say they consider it illegal - but not one Jailbreak user has ever been charged with anything, and the whole jailbreak scene is run openly by guys in the U.S. Saurk was first in line to get into WWDC (Apple developers conference) this year!

At this point, well north of a few million people are running jailbroken devices.

can you get apps from other sources. Is that not correct?

In addition to jailbreaking, if you are a developer you can compile and run whatever you want on the device.

I looked at saurik.com but it does not look like software aimed at normal users (it mentions in the FAQ that most of the software there is commandline tools or development libraries).

Click on the Store link. There's tons of software there normal users would want, including stuff that extends system software (really one of the bigger uses of jailbreaking).

Gee, maybe it's because there are other stores where we can buy food?

Disregarding the fact you can simply buy some other platform altogether (which actually scuttles your point totally), there are other sources for iPhone applications.

No, the C API on Chrome OS and Android is closed. It's Google only.

No it isn't.

HTML5 and Flash and Java applets only on Android.

You can run Debian on Android. It works fine. You can run GCC and compile whatever you want.

Idiot fan boy. Android is no different except to people like yourself who try and draw some line between the two.

http://cydia.saurik.com/
http://iphonecake.com/appcake/
http://www.iphoneapplist.net/
http://iapplications.ru/

Or this?

http://www.saurik.com/id/5

Cydia has a python package for apple. The "Appbackup" application uses it. Something tells me your posting about a non-jailbroke phone cause the previous poster linked for android as well.

"You just can not sell it in their store."

Can you sell it in some other store?

yup

Yes.

As an aside, and a bit off topic, I am interested in the AndroidExecutionEnvironment that was being developed for Ubuntu. A (hopefully) simple port to maemo would mean I could still run my favourite Android apps.

Huge big up for this. If the Android-Phone users can install Debian along their main OS, it's a shame that users of Maemo, Angstrom, OpenMoko, etc. can't do the other way arround.
Extra Bonus Points if it works in WebOS too !

As for "applications that Apple doesn't [sic] like", you must mean malware, trojans, and data theft mechanisms. If you want to run those by all means do so. You could save yourself some trouble and just write your date of birth and credit card numbers on a placard and hang that around your neck when you head to the mall.

Or it could be just about every app listed on Cydia http://cydia.saurik.com/ .... which are no malware, trojans or data theft mechanisms... though you can get data theft ones from the app store: http://yro.slashdot.org/story/09/09/29/1933252/Retrievable-iPhone-Numbers-Raise-Privacy-Issue?art_pos=34

Android devices can mount loopback file systems, overcoming FAT's lack of unix permissions. They did it to install Debian on the G1's SD card.

Yes, and as I said, this is exactly what I keep hearing about as the long-term plan. The problem as I understand it is that it will require significant developer time to write an implementation. The easy part is automatically generating, mounting, and unmounting the encrypted loopbacks as needed. The hard part is changing Dalvik, the GUI, etc. so that they all do something sensible when the SD card is yanked out.

(The naïve solution of "SIGSTOP the missing apps until the SD card is reinserted" could well leave the phone effectively hosed if the app was running in the foreground. There are plenty of full-screen apps that hide the notification panel, and apps can capture a surprisingly large set of keypresses — and games, the most likely candidates for installing to an SD card, are also the most likely candidates for capturing keystrokes and going full-screen. Most users won't care that adb shell still works fine.)

Disclaimer: I work at Google, but not on Android and definitely not as a spokesman for Android, and I would be quite shocked if any of this were news outside the company. I'm fairly sure the bulk of this discussion exists in the public Android bug tracking system, as I remember being pointed there when we all got our shiny ADP1s a year ago and the same question came up. At any rate, the problem space is well known since it afflicts non-Android Linux (esp. Knoppix and other removable-media distros, which solve the problem by copying the entire system image to a RAMdisk).

Android devices can mount loopback file systems, overcoming FAT's lack of unix permissions. They did it to install Debian on the G1's SD card.

Here's your 'vast aftermarket' for people who wand something different on their iphone.

http://cydia.saurik.com/

Now stop your fucking whining.

If you jailbreak, you can access the Cydia app store, which is awesome, and has stuff that Apple would never approve. You can install things like tethering apps directly from your iPhone, it's as functional as the official app store.

There is at least 1 phone able to do this half a year ago, you still have to do the install youselfd though:
http://www.saurik.com/id/10

Just a day or so ago, Cydia (the awesome package manager for jailbroken iPhones used by reportedly more than 2million iPhones) launched a new app store of its own.

There have always been paid apps for jailbroken phones, but usually they would require you to go to the developer's or another web site to purchase the app. Now however, it appears that not only can you write apps that have full access to the device and without censorship, you can also use the Cydia store for a seamless shopping experience.

The Wall Street Journal and others have more information.

Granted, this doesn't give you exposure in the App store and there are issues with dealing with jailbreaking your phone, but it does provide iPhone developers and users with a choice.

Cydia's appstore makes a rather well timed appearance.
That, having a special product with a high utility for customers, an excellent manager and a high rate of innovation almost puts it on par with the Worlds top business outlets.
My admiration for Saurik's work. Respect!

You can run non-GUI binary packages without recompiling Debian & Android Together on G1

You come here and say they'll replace the closed source stuff with open source in the GTA03 however you've got no proof, it even says so on the wiki.

It isn't closed source - it's open source but closed specification. There is a difference. And despite the disclaimer, the page also says that the hardware has been taped out and evaluation boards already manufactured. The disclaimer just means that the specs aren't set in stone, the reality is that there's a high probability that GTA03 will contain the listed hardware... and as for me not having any proof - well, you're right, I'm willing to accept that I can never provide a proof that some future event will occur. Can you?

and I am sure all 2 people that care about kernel access are happy.

Just because you do not care about kernel access, does not mean that nobody else in the world does. One of the first things that Saurik did after the G1 was jail-broken was to load kernel modules for ext2 and unionfs. Kernel access is a good thing.

Saurik explains alot of it here.

They developed using Apple's open-source stuff via darwin-gcc, if I understand correctly. You just never got any of the really cool class headers required to use the neater functions of the IPhone.

In order to make the most with the 2.x firmware, you needed to get the SDK. Once you got it, you agreed to the NDA.

Argh.

Should read

Saurik and other jailbroken-iphone devs

Click here if you want to get a see what is needed to compile code developed outside of Apple's X-Code.

There are some projects like PyObjc which is natively supported in OS X and apparently ported to the iPhone:
http://www.saurik.com/id/5

It still takes some mucking around the Objective-C API's, but I was able to cobble together a python app for OS X (using the sexy Interface Builder) in a couple weekends.

I agree with the parent's sentiment, but I know where you are coming from. If learning the API and dev environment are too cumbersome for the scope of your project, it may not be worth it. However, I found that Apple's APIs are very well documented and it has been one of my most pleasant application development experiences to date.

I got that working ;P. It's JamVM with a custom connector from Java to Objective-C that works like PyObjC, allowing access to all of the frameworks on the device. It's actually been around for _months_ now, but I have been quite busy and have been unable to really market it well enough. If anyone wants more information, please e-mail me: saurik@saurik.com. My website is http://www.saurik.com/, and I've had a bunch of time in the last couple days to actually write articles for my site, and JocStrap/iPhone/Java is next ;P.

Correction: generics are unglorified macros. Templates are glorified macros. Templates can add type safety at compile time with no runtime penalty. Generics macro expand their type safety into java casts, which incur a decent runtime penalty (especially for large container intensive algorithms).

Additionally, I once saw someone (saurik from saurik.com) use templates to do dynamic programming at compile time. He wrote an exponentially increasing algorithm to have an exponentially increasing compile time but constant run time when an arbitrary limiting value n was increased. Not actually useful, but still really damn clever and it illustrates the versatility of templates for meta-programming. And more importantly, I am pretty sure the same program is illegal for generics.

> After 'migration' it is still Java code you are using. It won't be much faster and you will still have to maintain it.

This would be true, but as with Java, .NET has a decompiler. This one happens to be open-source, even.

The thing that bugs me about this is that there is already a quite good, open-source runtime out there. Intel has charged their Microprocessor Research Laboratory (MRL) with the creation of ORP, the Open Research Platform.

ORP is designed as a runtime platform that has a very clean separation between the core, the JIT, and the garbage collector. The idea is that, right now, it is difficult to compare various algorithms as to implement them often requires a different core runtime (which could ruin the accuracy of the data). Initially, it operates over Java byte codes, but it was designed to be much more than that. In every press release MRL has released, they have never called it a JVM.

Recently, at Java Grande 2001, some people from MRL gave a talk about their work on ORP and put their slides online at their SourceForge project. In this presentation, it is mentioned that they have are "considering adding support for CLI". CLI stands for "Comman Language Infrastructure", the core parts of .NET, for those people who aren't keeping up with the flurry of 3-letter acronyms that begin with "CL".

Having someone like Intel behind a project to create an open-source runtime would lend it credibility to both end-users and corporate decision makers. It would also give powerful support to the development of JITs for Intel platforms.

A while back I attempted to get some support for a project that would involve talking to Intel (that Miguel de Icaza from Ximian can even be seen on the mailing list for) but was unable to gather enough people to make approaching Intel sound useful (this was also before Java Grande). As of right now, I've all but given up on that project; especially seeing that having a large project like Mono around (which is under GPL, instead of the modified BSD license of ORP, which gathers more of the pure "free software"/GNU advocates) would discourage individual contributors and organizations (such as MRL) from commiting much of their efforts.

I have been thinking about approaching Apache or FreeBSD about trying to put together a project with Intel to work on this. If anyone is interested in this, has opinions, comments, questions, concerns, arguments, just plain wants to send me death threats (hey, I like e-mail), feel free to send them to saurik@saurik.com.