Any language that lacks an inherent insecurity can be used to write secure apps, just as any language (Brainfuck, anyone?) can be used to write any program.*
You choose a language not because it makes it possible for you to do anything, but because it makes it easier than another language.
*I realize that there are cases where performance-per-core is critical, and that narrows your choices considerably. Still, in that situation, some use C, others use C++, and still others use Lisp.
You have a slim case when Apple changed the rules as it goes along
What rules? The rule seems to be "What Steve Jobs likes." Otherwise, please explain how a legitimate exercise app was rejected, yet Playboy's apps are approved and featured prominently.
I'm pretty sure you can see all kinds of porn on the iPhone, you just have to get to it through a browser and you can't look at Flash based porn.
Missing the point.
At this point you are getting delusional if you think anyone at Apple cares that you seem to demand your porn as an "app" and only as an "app".
Why yes, I would be getting delusional if I thought something ridiculous that I don't actually think.
Why don't you address what I actually said, not what you wish I'd said?
So don't buy one and stop whining about it. Tou have the option to walk away.
So do you. No one is tying you down and forcing you to participate in this discussion.
But in a very real sense, I don't. Apple is selling a lot of these things. There's an entire industry springing up around them. That means less real programming jobs and more users I can't reach if I don't play by Apple's rules.
It's a bit like Internet Explorer. Yes, I have the option not to use it, but I don't yet have the option to ignore it completely when developing a web app. Every user who uses IE makes my job harder, so I do have a legitimate complaint and a reason to speak out.
Whining about it and insisting Apple pander to your desires is delusional.
That's the second time you've accused me of saying something I didn't say. I'm not insisting Apple do anything at all, I'm calling them out on what they're currently doing.
This isn't about my "desires", either. Again, there is legitimate content, some of which makes sense as an app (that exercise app I mentioned) which gets blocked as "pornography", which is always the case with this sort of censorship.
As you said, if it was just about the porn, there's a web browser. Even that has drawbacks, but it was never the point.
Apple's products are widely used in families and parents are no doubt ecstatic they don't have to worry about their kids downloading porn apps.
Oh, I'm sure they are, at least until they realize that the browser can easily access porn. It seems unlikely that they'd be able to download an app to restrict the browser, either, given that Apple doesn't tend to let people modify the built-in browser.
If, in fact, people don't like what Apple is doing then Android or someone else needs to offer what you think people want and then Apple will fail in the market place.
Ah, a libertarian. Look up "market failures."
If its not as open as you would like.... tough.
If it's not as open as I would like, I will continue to speak out against it until Apple either fails or changes. If you don't like it, you don't have to read it.
Re:You signed away this "right" by picking Apple.
on
Flash Is Not a Right
·
· Score: 1
You might want to try sticking to facts, rather than making stuff up.
Please provide an example of me "making stuff up." In particular, what about the post you were replying to was untrue?
Your argument makes sense in a highly abstract, academic universe in which all people are perfectly skilled, knowledgeable and well resourced.
I also addressed a universe in which people are reasonably skilled, knowledgeable, and well-resourced. I think that's a definite possibility. I hate to use a car analogy, but no one expects driving a car to be "easy" or "intuitive" or something you should be able to just pick up and do instantly. They expect to have to learn something. It only takes the tiniest bit of that kind of attitude to increase desktop security dramatically.
Really, it's not difficult to keep your system patched and avoid downloading random crap. 99% of the population can't seem to do that, I grant you, but it's not that far removed from reality.
The first problem is that we know it's possible to build DRM that is extremely hard to crack.
It only has to be cracked once -- particularly software DRM. One person (or team) figures out how to crack it, and distributes that over the Internet.
These systems have been partially defeated a handful of times and then promptly re-secured. It turns out that though you technically speaking "have the keys" they are buried under so much silicon wizardry that in practice you don't have them.
"Promptly re-secured" suggests that it's not the silicon alone.
I could also qualify this with, all DRM is theoretically crackable, and all DRM involving static media (audio and video) will be cracked, as we've seen. Executable stuff (games) is harder.
The second is that it's very questionable whether there is any such thing as a "completely secure system" as you describe. Your phrasing is vague so I'll assume you're talking about resistance against attackers who are physically remote.
Yes.
The trend has been that over time, bugs that were once thought to be un-exploitable have become exploitable.
We're talking about bugs, though. You're going to find this even more ludicrous, but there is nothing inherent in software that requires it to have bugs. The bugs are our fault.
Now, I'm not going to tell you that I can create flawless software, or that any human can, only that it's possible, whereas working DRM is not.
For instance at one time both heap and integer overflows were not deemed to be a security issue until techniques for reliably exploiting them were published.
And both heap and integer overflows are things which do not have to exist.
Likewise, it's only recently that implementors of software cryptography have started thinking about statistical side-channel attacks and many (most?) engineers are still unfamiliar with them.
This is harder, yes. However, these are mostly dealing with information sent over the wire, and none of it applies to keeping a single desktop PC secure, given that desktop PCs typically don't need remote access.
I am skeptical there are any perfectly undefeatable systems out there.
As am I.
However, to take "DRM can never work", and use that to conclude that "Security is impossible", is missing the point. It's a bit like noticing that homeopathy is bunk, and from that, concluding that medicine is impossible.
I'm drawing a distinction between the attackers, who most people assume are people anyway, and the classic case of PEBKAC. I can protect myself reasonably well from attackers, including human ones. I can't reasonably protect you from anyone if you're not willing to cooperate.
If it is a truism that DRM is futile because it will always be defeated, then it is also a truism that Security is futile because it will always be defeated.
What? No.
DRM can always be defeated because of its design. If I lend you the key to my apartment so you can go in and borrow some sugar or something, there's nothing I can do to stop you from cleaning out my apartment and skipping town. But to claim all locks are futile because of that is just retarded.
DRM can always be defeated because the "attacker" is exactly the same as the user, and you're already giving them everything they need. That is a system which is fundamentally flawed. Real security is where you don't give the attacker your keys, passwords, etc.
It is theoretically possible to build a completely secure system, from a technological standpoint. The vulnerabilities are either physical weaknesses (you could just run off with my laptop) or people. There are also vulnerabilities from sloppy coding, but these have very little effect against users with good security habits.
Sure, it may never happen, but if so, that's because we'll always make mistakes. A completely secure DRM scheme is actually a logical impossibility, even if no one makes any mistakes.
Also odd that they won't allow FDE, but they'll allow you to install whatever web browser you want, apparently...
Oh well. I'll definitely add an extension for that at some point. By "trivial" I mean maybe half an hour.
Re:You signed away this "right" by picking Apple.
on
Flash Is Not a Right
·
· Score: 1
Forcing people to learn multiple languages and multiple platforms is a good thing?
As far as education goes, absolutely, yes. Part of what's wrong with this field is an entire generation of programmers who were taught nothing but Java in school, and think they're diverse because they learned C#. A little Scheme or Smalltalk would help a lot.
But as a practical thing, in the real world, I absolutely agree:
There should be standards.... And people should be able to use the best language for their application, not one dictated to them regardless of the problem they're trying to solve.
Much like I want Flash to die, but I don't want Apple to ban Flash, I also want people to learn multiple platforms, but I don't want Apple to dictate a language.
You can select and copy text. I'm sure you can find a way to spider the pure HTML pages. Even if you can't, Scribd has always allowed you to download the original PDF.
Go to scribd.com, notice the Google Ad, click "try it now". Or, on most of their featured pages, you should be able to click "view with HTML" on the right side.
So, it's something they're trying out. It's not actually the default yet.
OK, NOW we're getting to the bottom of it. It's all about money! All the righteous wailing and the fake indignation is not really about *freedom* but about having to shell out a few bucks for a compiler and a bunch of well-documented libraries!
If I only ever wanted to develop an app for myself, that would be true.
If, on the other hand, you're trying to publish through THEIR store,
See, that's just it. I don't want to publish through their store, because they've generally been cunts about it.
If, however, you're going to push your stuff through your own channels then you don't need Apple for squat.
Unfortunately, their store is the only store for the iPhone -- even if I want to distribute my app for free, I can only distribute it to others who jailbreak their phone, and that's at least one federal crime and one contract violation for each person I distribute it to.
Sourceforge already hosts some FOSS projects for iPhone/iPad
And those projects can only ever distribute binaries either through the App Store or, maybe, as source code to someone else who's willing to pay $99/year and compile it themselves.
once a few more geeks pull their heads out their *sses, stop the crying and re-start the compiling... Less wah-wah, more cc!!
Oh, I'm doing that, just not on the iPhone, now or ever. Fuck apple, and fuck you.
I suppose, but more work to use a master password.
The way I solved this back when I cared was by using full-disk encryption.
Re:You signed away this "right" by picking Apple.
on
Flash Is Not a Right
·
· Score: 1
I for one am GLAD i have no flash on my iphone. Flash sucks,
I agree.
its only ever used for nefarious/pointless purposes,
Couldn't disagree more. To call all of Flash video "pointless" would be incredibly naive. True, HTML5 is better, but that doesn't make the use of Flash "pointless" in that case.
its buggy, shit and insecure. There are other ways of doing things without flash,
Agreed.
I've never seen it used for any real useful purpose.
See above.
But you're missing the point by a mile. My comment is not in support of Flash -- I do want Flash to die in a fire. But what Apple has done here has too much collateral damage -- they've basically banned all cross-platform development other than web apps, whether or not it involves Flash. That means things I actually might want to use, like Java or Ruby, will never make it to the iPhone.
Apple are plenty generous when it comes to the distribution and licensing of the apple developer tools.
That's a laugh. $99/year, you have to have a Mac, and you're not allowed to distribute what you produce through anything other than the App Store. In what universe is that "generous", especially compared to open source development tools which have been freely available for any purpose for decades?
If you want to program in flash,
I don't. But I don't want to program in Objective C.
It is ENTIRELY appropriate for Apple to decide they want to ban porn from THEIR app store.
Not as long as it's the only app store for the device, because it shouldn't be seen as their device. It should be seen as yours, the consumer's.
If you want to push porn to make a quick buck... go for it, create your own web site, apps store.
Which won't work on the iPhone, thanks to Apple.
If you want to spend your time looking at porn, go for it, there are about a million web sites
Websites aren't apps. You can do more with an app than with a website.
What's more, it wasn't just porn, it was anything even remotely suggestive, including banning a dictionary because it contained objectionable words.
It runs counter to the values of a lot of people and corporations.
Which is exactly the point. Why should Apple force their values, either personal or corporate, on people who use their devices?
As an example: Suppose Apple decided to allow a Bible app, but not a Qur'an app. Would you feel the same way about that? What if the situation was reversed?
Again, it's within their right, but as long as they're the only way to get apps on the iPhone, this kind of censorship makes them douchebags.
If they DID allow some porn, I imagine you would start whining about Apple's moralizing if they rejected porn that is gross or borderline illegal, wouldn't you.....
To many people, porn itself is gross. To me, the iPhone is gross. Please explain exactly what you mean by "gross".
Borderline illegal makes perfect sense -- they want to avoid litigation. That's understandable.
It's Extreme wisdom on the part of Apple and Jobs to not take the first step on that slippery slope.
Ah, but they have. They allow apps from Playboy, yet they block apps which were never intended to be sexual (like a yoga app) but contain "suggestive clothing." So they've taken exactly that first step, but they've done it, as always, in an arbitrary, unpredictable way.
The problem is that it's not illegal to develop or distribute tools which violate the DMCA. It's just illegal to actually use them.
Re:You signed away this "right" by picking Apple.
on
Flash Is Not a Right
·
· Score: 1
For most programs using an MVC pattern, only the View layer needs to be rewritten across platforms.
Please explain how proper object-oriented design and the MVC pattern will allow my Models and Controllers to magically be transformed from Objective C to Java, or vice versa.
I mean, your point is exactly why Apple's policy pisses us off so much. I would love to be able to write an app which is portable to any platform, including any mobile platform. Unfortunately, Apple has dictated that the app must be written in Objective C, which pretty much kills that possibility.
Re:You signed away this "right" by picking Apple.
on
Flash Is Not a Right
·
· Score: 1
What if Adobe will produce automatic flash2iphone compiler/converter?
They were planning to do exactly that. Apple has changed the rules such that any apps produces by such a converter would not be welcome in the App Store.
Slashdot Mirror
You mean like what happened to YouTube?
Any language that lacks an inherent insecurity can be used to write secure apps, just as any language (Brainfuck, anyone?) can be used to write any program.*
You choose a language not because it makes it possible for you to do anything, but because it makes it easier than another language.
*I realize that there are cases where performance-per-core is critical, and that narrows your choices considerably. Still, in that situation, some use C, others use C++, and still others use Lisp.
You have a slim case when Apple changed the rules as it goes along
What rules? The rule seems to be "What Steve Jobs likes." Otherwise, please explain how a legitimate exercise app was rejected, yet Playboy's apps are approved and featured prominently.
I'm pretty sure you can see all kinds of porn on the iPhone, you just have to get to it through a browser and you can't look at Flash based porn.
Missing the point.
At this point you are getting delusional if you think anyone at Apple cares that you seem to demand your porn as an "app" and only as an "app".
Why yes, I would be getting delusional if I thought something ridiculous that I don't actually think.
Why don't you address what I actually said, not what you wish I'd said?
So don't buy one and stop whining about it. Tou have the option to walk away.
So do you. No one is tying you down and forcing you to participate in this discussion.
But in a very real sense, I don't. Apple is selling a lot of these things. There's an entire industry springing up around them. That means less real programming jobs and more users I can't reach if I don't play by Apple's rules.
It's a bit like Internet Explorer. Yes, I have the option not to use it, but I don't yet have the option to ignore it completely when developing a web app. Every user who uses IE makes my job harder, so I do have a legitimate complaint and a reason to speak out.
Whining about it and insisting Apple pander to your desires is delusional.
That's the second time you've accused me of saying something I didn't say. I'm not insisting Apple do anything at all, I'm calling them out on what they're currently doing.
This isn't about my "desires", either. Again, there is legitimate content, some of which makes sense as an app (that exercise app I mentioned) which gets blocked as "pornography", which is always the case with this sort of censorship.
As you said, if it was just about the porn, there's a web browser. Even that has drawbacks, but it was never the point.
Apple's products are widely used in families and parents are no doubt ecstatic they don't have to worry about their kids downloading porn apps.
Oh, I'm sure they are, at least until they realize that the browser can easily access porn. It seems unlikely that they'd be able to download an app to restrict the browser, either, given that Apple doesn't tend to let people modify the built-in browser.
If, in fact, people don't like what Apple is doing then Android or someone else needs to offer what you think people want and then Apple will fail in the market place.
Ah, a libertarian. Look up "market failures."
If its not as open as you would like.... tough.
If it's not as open as I would like, I will continue to speak out against it until Apple either fails or changes. If you don't like it, you don't have to read it.
You might want to try sticking to facts, rather than making stuff up.
Please provide an example of me "making stuff up." In particular, what about the post you were replying to was untrue?
Your argument makes sense in a highly abstract, academic universe in which all people are perfectly skilled, knowledgeable and well resourced.
I also addressed a universe in which people are reasonably skilled, knowledgeable, and well-resourced. I think that's a definite possibility. I hate to use a car analogy, but no one expects driving a car to be "easy" or "intuitive" or something you should be able to just pick up and do instantly. They expect to have to learn something. It only takes the tiniest bit of that kind of attitude to increase desktop security dramatically.
Really, it's not difficult to keep your system patched and avoid downloading random crap. 99% of the population can't seem to do that, I grant you, but it's not that far removed from reality.
The first problem is that we know it's possible to build DRM that is extremely hard to crack.
It only has to be cracked once -- particularly software DRM. One person (or team) figures out how to crack it, and distributes that over the Internet.
These systems have been partially defeated a handful of times and then promptly re-secured. It turns out that though you technically speaking "have the keys" they are buried under so much silicon wizardry that in practice you don't have them.
"Promptly re-secured" suggests that it's not the silicon alone.
I could also qualify this with, all DRM is theoretically crackable, and all DRM involving static media (audio and video) will be cracked, as we've seen. Executable stuff (games) is harder.
The second is that it's very questionable whether there is any such thing as a "completely secure system" as you describe. Your phrasing is vague so I'll assume you're talking about resistance against attackers who are physically remote.
Yes.
The trend has been that over time, bugs that were once thought to be un-exploitable have become exploitable.
We're talking about bugs, though. You're going to find this even more ludicrous, but there is nothing inherent in software that requires it to have bugs. The bugs are our fault.
Now, I'm not going to tell you that I can create flawless software, or that any human can, only that it's possible, whereas working DRM is not.
For instance at one time both heap and integer overflows were not deemed to be a security issue until techniques for reliably exploiting them were published.
And both heap and integer overflows are things which do not have to exist.
Likewise, it's only recently that implementors of software cryptography have started thinking about statistical side-channel attacks and many (most?) engineers are still unfamiliar with them.
This is harder, yes. However, these are mostly dealing with information sent over the wire, and none of it applies to keeping a single desktop PC secure, given that desktop PCs typically don't need remote access.
I am skeptical there are any perfectly undefeatable systems out there.
As am I.
However, to take "DRM can never work", and use that to conclude that "Security is impossible", is missing the point. It's a bit like noticing that homeopathy is bunk, and from that, concluding that medicine is impossible.
I'm drawing a distinction between the attackers, who most people assume are people anyway, and the classic case of PEBKAC. I can protect myself reasonably well from attackers, including human ones. I can't reasonably protect you from anyone if you're not willing to cooperate.
Makes my Core2Duo chug for about 5 seconds. Then it's fine -- scrolling is fast, less than a second to bring up a reply box, etc.
That quad isn't going to help much, unless you've got other tabs that are using tons of CPU -- I doubt very much that Slashdot is multi-threaded.
If it is a truism that DRM is futile because it will always be defeated, then it is also a truism that Security is futile because it will always be defeated.
What? No.
DRM can always be defeated because of its design. If I lend you the key to my apartment so you can go in and borrow some sugar or something, there's nothing I can do to stop you from cleaning out my apartment and skipping town. But to claim all locks are futile because of that is just retarded.
DRM can always be defeated because the "attacker" is exactly the same as the user, and you're already giving them everything they need. That is a system which is fundamentally flawed. Real security is where you don't give the attacker your keys, passwords, etc.
It is theoretically possible to build a completely secure system, from a technological standpoint. The vulnerabilities are either physical weaknesses (you could just run off with my laptop) or people. There are also vulnerabilities from sloppy coding, but these have very little effect against users with good security habits.
Sure, it may never happen, but if so, that's because we'll always make mistakes. A completely secure DRM scheme is actually a logical impossibility, even if no one makes any mistakes.
According to the description, the monitor is actually flipped upside down in order to eliminate some shadow.
Not really. And it's actually much, much faster than it was with Konqueror.
Odd. The smarter corporations require it.
Also odd that they won't allow FDE, but they'll allow you to install whatever web browser you want, apparently...
Oh well. I'll definitely add an extension for that at some point. By "trivial" I mean maybe half an hour.
Forcing people to learn multiple languages and multiple platforms is a good thing?
As far as education goes, absolutely, yes. Part of what's wrong with this field is an entire generation of programmers who were taught nothing but Java in school, and think they're diverse because they learned C#. A little Scheme or Smalltalk would help a lot.
But as a practical thing, in the real world, I absolutely agree:
There should be standards.... And people should be able to use the best language for their application, not one dictated to them regardless of the problem they're trying to solve.
Much like I want Flash to die, but I don't want Apple to ban Flash, I also want people to learn multiple platforms, but I don't want Apple to dictate a language.
Right, as TFA says -- they intend to convert their entire collection eventually, but they're not there yet.
Out of curiosity, what browser? With Chrome on Linux, my CPU didn't spin up past 800 mhz.
You can select and copy text. I'm sure you can find a way to spider the pure HTML pages. Even if you can't, Scribd has always allowed you to download the original PDF.
Go to scribd.com, notice the Google Ad, click "try it now". Or, on most of their featured pages, you should be able to click "view with HTML" on the right side.
So, it's something they're trying out. It's not actually the default yet.
Or is that too silly for even Apple and Nintendo?
Maybe not.
Well, you're not going to have any effect with whiny posts on slashdot.
Not all criticism is automatically "whining."
In fact, if you whine like you do here elsewhere, people are only going to discount your opinion - hurting your stated goal.
Great. How would you suggest this discussion go, then? Any constructive criticism?
OK, NOW we're getting to the bottom of it. It's all about money! All the righteous wailing and the fake indignation is not really about *freedom* but about having to shell out a few bucks for a compiler and a bunch of well-documented libraries!
If I only ever wanted to develop an app for myself, that would be true.
If, on the other hand, you're trying to publish through THEIR store,
See, that's just it. I don't want to publish through their store, because they've generally been cunts about it.
If, however, you're going to push your stuff through your own channels then you don't need Apple for squat.
Unfortunately, their store is the only store for the iPhone -- even if I want to distribute my app for free, I can only distribute it to others who jailbreak their phone, and that's at least one federal crime and one contract violation for each person I distribute it to.
Sourceforge already hosts some FOSS projects for iPhone/iPad
And those projects can only ever distribute binaries either through the App Store or, maybe, as source code to someone else who's willing to pay $99/year and compile it themselves.
once a few more geeks pull their heads out their *sses, stop the crying and re-start the compiling ... Less wah-wah, more cc!!
Oh, I'm doing that, just not on the iPhone, now or ever. Fuck apple, and fuck you.
I suppose, but more work to use a master password.
The way I solved this back when I cared was by using full-disk encryption.
I for one am GLAD i have no flash on my iphone. Flash sucks,
I agree.
its only ever used for nefarious/pointless purposes,
Couldn't disagree more. To call all of Flash video "pointless" would be incredibly naive. True, HTML5 is better, but that doesn't make the use of Flash "pointless" in that case.
its buggy, shit and insecure. There are other ways of doing things without flash,
Agreed.
I've never seen it used for any real useful purpose.
See above.
But you're missing the point by a mile. My comment is not in support of Flash -- I do want Flash to die in a fire. But what Apple has done here has too much collateral damage -- they've basically banned all cross-platform development other than web apps, whether or not it involves Flash. That means things I actually might want to use, like Java or Ruby, will never make it to the iPhone.
Apple are plenty generous when it comes to the distribution and licensing of the apple developer tools.
That's a laugh. $99/year, you have to have a Mac, and you're not allowed to distribute what you produce through anything other than the App Store. In what universe is that "generous", especially compared to open source development tools which have been freely available for any purpose for decades?
If you want to program in flash,
I don't. But I don't want to program in Objective C.
It is ENTIRELY appropriate for Apple to decide they want to ban porn from THEIR app store.
Not as long as it's the only app store for the device, because it shouldn't be seen as their device. It should be seen as yours, the consumer's.
If you want to push porn to make a quick buck... go for it, create your own web site, apps store.
Which won't work on the iPhone, thanks to Apple.
If you want to spend your time looking at porn, go for it, there are about a million web sites
Websites aren't apps. You can do more with an app than with a website.
What's more, it wasn't just porn, it was anything even remotely suggestive, including banning a dictionary because it contained objectionable words.
It runs counter to the values of a lot of people and corporations.
Which is exactly the point. Why should Apple force their values, either personal or corporate, on people who use their devices?
As an example: Suppose Apple decided to allow a Bible app, but not a Qur'an app. Would you feel the same way about that? What if the situation was reversed?
Again, it's within their right, but as long as they're the only way to get apps on the iPhone, this kind of censorship makes them douchebags.
If they DID allow some porn, I imagine you would start whining about Apple's moralizing if they rejected porn that is gross or borderline illegal, wouldn't you.....
To many people, porn itself is gross. To me, the iPhone is gross. Please explain exactly what you mean by "gross".
Borderline illegal makes perfect sense -- they want to avoid litigation. That's understandable.
It's Extreme wisdom on the part of Apple and Jobs to not take the first step on that slippery slope.
Ah, but they have. They allow apps from Playboy, yet they block apps which were never intended to be sexual (like a yoga app) but contain "suggestive clothing." So they've taken exactly that first step, but they've done it, as always, in an arbitrary, unpredictable way.
The problem is that it's not illegal to develop or distribute tools which violate the DMCA. It's just illegal to actually use them.
For most programs using an MVC pattern, only the View layer needs to be rewritten across platforms.
Please explain how proper object-oriented design and the MVC pattern will allow my Models and Controllers to magically be transformed from Objective C to Java, or vice versa.
I mean, your point is exactly why Apple's policy pisses us off so much. I would love to be able to write an app which is portable to any platform, including any mobile platform. Unfortunately, Apple has dictated that the app must be written in Objective C, which pretty much kills that possibility.
What if Adobe will produce automatic flash2iphone compiler/converter?
They were planning to do exactly that. Apple has changed the rules such that any apps produces by such a converter would not be welcome in the App Store.