Huge iPhone Cut-and-Paste Tool Security Flaw

Harry writes "I'm using Pastebud, the new third-party copy-and-paste solution for the iPhone. It's extremely clever, using a Web-based clipboard to get around the fact that Apple doesn't provide one on the phone. Unfortunately, it seems to be giving users access to e-mails that other Pastebud users send to their clipboards. This has happened to me repeatedly and is being reported by other users in Pastebud's Get Satisfaction support forum. Pastebud is operational and still doing this as I write, even though a message at Get Satisfaction says they're working on the problem."

You reap what you sow...

[An+Ominous+Cow+Erred]

...well you *ARE* trusting a small, third party entity with your data on the internet. Can you really expect things that are not on storage you monitor yourself to be secure? Furthermore, why can't it just store your clipboard through local storage? Does it really have to put it up online? Do Apple's apps have no way to store and retrieve local data?

Apple really should have this feature built in, but you shouldn't be surprised when your workaround that involves dumping your unencrypted data on a server somewhere has security issues.

Re:No bugs in Ninnle!

[MobileTatsu-NJG]

No bugs in Ninnle!
If you switch to Ninnle Linux, your phone will be trouble free.

I'm impressed that Ninnle is so bug free that 3rd party apps are completely unexploitable.

Re:Take note of this Apple

[ImNotAtWork]

My wife has been complaining about lack of a clipboard ever since she got the blasted thing. I tell her "I told you to wait for android every time she complains."

Re:Why does it go to a server, anyway?

[Achromatic1978]

My God. How fucking horrible are -any- of these solutions?!? This one, a local one, whatever. They're all fucking horrible! All because The Steve says cut-n-paste is not for a touch screen phone. Ye gods. But apparently this is acceptable to the RDF'ed masses. I've read countless blog posts justifying the 'no cut and paste' as being a good idea, anything to require no admission of the fact that it's an ugly stupid and inexcusable UI flaw.

Still no clipboard?

[erroneus]

No wait... in ALL this time, Apple still hasn't provided this basic functionality?

I wrote off the iPhone when I learned of the battery problem and haven't paid much attention to it since then. But one thing I expected to see resolved was the clipboard deficiency. I know some of my users were bouncing around happy when an update fixed some sync problem they were having and somehow among those fixes, I thought the clipboard feature was added, but I guess I was wrong.

One thing I find ironic about iPhone is that Apple has somehow managed to restrict the convenience and basic functionality right out of the machine. I won't deny iPhone's extremely enthusiastic fanbase. It is rather incredible. But the coolest thing one user had to show was the zippo lighter. Yes, it looks and acts like a zippo lighter and serves no function at all. (Now when it lights a virtual cigarette on another iPhone, I will be impressed!) But I find it more than a little amazing that Copy and Paste are still not present.

I think, perhaps, I understand why though. Apple may have created a security model that effectively prevents that from working -- even for themselves -- ever. If all apps, as I have read here, are chrooted to themselves and essentially shares nothing with the OS (which is somewhat hard to imagine...sharing nothing with the OS... how about some API code?) then it would seem that while security holes are effectively blocked forever, so too is basic functionality. Are iPhone apps not allowed to talk to a storage device that other iPhone apps are also allowed to talk to? It sounds like "no" since this paste program uses the inter-web to share data between apps. And what? This data isn't encrypted for individual users?

Re:Why does it go to a server, anyway?

[db32]

That one is easy...Because that is what Microsoft does. They push out half completed bullshit products on their base and then say "well it will probably work right by the time SP2 comes along".

Do it right the first time and don't put it out there until it is done right. Otherwise you fuck up your reputation. It is a lot harder to get the word out of "Hey, iPhone cut and paste is new and improved and actually works like it should now!" rather than "New iPhone 3.0! Now with Cut and Paste!". Most users are going to bump into the cut and paste you describe and not even begin to understand why it is so crippled.

Also...having used an iPhone...cut and paste would be nice, but I doubt I would use it much because cut and paste on a touch screen run by your finger would be a royal pain in the fucking ass. Your finger is as big as most words on the screen, you would have a god aweful time trying to accurately cut and paste.

Re:Why does it go to a server, anyway?

[Sancho]

I have an iPhone, and I use it regularly. There have been exactly two times when I wished that I had copy/paste. So no, I don't see what the big deal is. I don't think that lack of copy/paste was a good design decision--in fact, I'm sure that the phone would be better with it. But I don't think that it's a killer feature. I certainly don't think that the addition of copy/paste will make iPhone haters suddenly embrace the device--they'll just find something else to complain about.

No phone is perfect. The iPhone does what I want 99% of the time, and is stable. I can't say the same for any other smart phone I've tried (though I haven't had a chance to play with android yet, and probably won't bother until someone with 3G coverage in my area puts out an Android phone.)

Stop with the absurd holy wars over phone choice. Who cares what other people buy? If you don't like the phone, don't buy one. Leave everyone else alone.

Re:Why does it go to a server, anyway?

[Lars+T.]

I have a hunch that Steve is looking for something a lot better than text copy-paste.

So? I'm sure that he- along with lots of other companies- is, but that's no excuse for leaving the facility out altogether until something better comes along!

Well, the excuse is that others have done exactly that, and thus Windows (and a lot of other stuff) is full of interface quirks that are still in because people got so used to them they reject the better fix. Which (at least in the Windows case) results in some apps supporting only the old, some only the new, and some being forced to support both. Heck, apps supporting just one method will often use the other for something completely else. Yeah, a fine solution that is.

Oh, you want an example? Try the keyboard command(s) for closing a window. Or the overlying MDI/SDI mess.