Overclock.net › Forums › Industry News › Software News › [Ars] Firefox is out of the iOS game until Apple changes its ways
New Posts  All Forums:Forum Nav:

[Ars] Firefox is out of the iOS game until Apple changes its ways - Page 9

post #81 of 105
Dolphin browser all the way. Wish mobile Firefox was similar to Dolphin.

Opera would be my second choice.
    
CPUMotherboardGraphicsRAM
8350 FX @ 4.6ghz /1.404 v Sabertooth 990FX RX 480 Nitro 8GB 2x4GB Mushkin Blackline DDR3 2133 9-11-11-24 1T... 
Hard DriveHard DriveOptical DriveCooling
Samsung 840 Evo 128GB 1 TB Samsung Spinpoint F3 Samsung SH-S224GB Raijintek Themis Evo 
OSMonitorKeyboardPower
7 Ultimate 64bit Samsung SyncMaster S27B550 Logitech K520 Corsair HX850 
CaseMouseMouse PadAudio
Storm Scout 2 Logitech G602 Steel Series HQK Logitech Z-2300 Sub (Z-5500 Satelites) 
AudioOther
Asus Xonar DS Intel I210-T1 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
8350 FX @ 4.6ghz /1.404 v Sabertooth 990FX RX 480 Nitro 8GB 2x4GB Mushkin Blackline DDR3 2133 9-11-11-24 1T... 
Hard DriveHard DriveOptical DriveCooling
Samsung 840 Evo 128GB 1 TB Samsung Spinpoint F3 Samsung SH-S224GB Raijintek Themis Evo 
OSMonitorKeyboardPower
7 Ultimate 64bit Samsung SyncMaster S27B550 Logitech K520 Corsair HX850 
CaseMouseMouse PadAudio
Storm Scout 2 Logitech G602 Steel Series HQK Logitech Z-2300 Sub (Z-5500 Satelites) 
AudioOther
Asus Xonar DS Intel I210-T1 
  hide details  
Reply
post #82 of 105
Yeah. I mean it just comes down to which browser layout you like best. They are all as fast if not more fast as Safari, with the appropriate tweaks (Nitrous, Browserchooser).
    
CPUMotherboardGraphicsRAM
3930k 4.7 1.368v RIVE BIOS 2105 680L 1330/7011 16GB Samsung 2133Mhz  
Hard DriveCoolingOSMonitor
Crucial M4 240GB  H110 after 4x H220 RMA Win 8.1 64bit XL2420T Lightboost  
KeyboardPowerCaseMouse
SS 6Gv2  EVGA 1300G2  Arc Midi R2 Zowie AM, many opticals 
Mouse PadAudioAudioAudio
SS QCK+ Xonar Essence STX AK100 MKII Shure SE846  
AudioAudioOther
Ultrasone Pro 900 Sennheiser HD700 Intel EXPI9301CT NIC 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
3930k 4.7 1.368v RIVE BIOS 2105 680L 1330/7011 16GB Samsung 2133Mhz  
Hard DriveCoolingOSMonitor
Crucial M4 240GB  H110 after 4x H220 RMA Win 8.1 64bit XL2420T Lightboost  
KeyboardPowerCaseMouse
SS 6Gv2  EVGA 1300G2  Arc Midi R2 Zowie AM, many opticals 
Mouse PadAudioAudioAudio
SS QCK+ Xonar Essence STX AK100 MKII Shure SE846  
AudioAudioOther
Ultrasone Pro 900 Sennheiser HD700 Intel EXPI9301CT NIC 
  hide details  
Reply
post #83 of 105
Quote:
Originally Posted by tompsonn View Post

Quote:
Originally Posted by steelbom View Post

For arguments sakes let's say they are -- it doesn't exclude the fact that allowing web browsers to do those things would open security holes in iOS.

I don't agree. Sure, there's the potential to have security flaws. But there's also potential for iOS as a platform, and Safari to have its own security holes. Third party browsers have to render using UIWebview - ouch, what happens if there's a security flaw there? I don't know how many third party browsers out there are in the store currently using UIWebview, but one security hole could affect a wide range of apps that rely on UIWebview because that's all Apple has provided. There's potential everywhere and it's all just theory.

I get that Apple is probably trying to help security by disallowing browsers to get their own feet wet, but I think it reeks of distrust on Apple's part. Opera, Firefox and Chrome are well received browsers, and I'm sure they know a thing or two about security. Sure, little Jimmy down the road who wants to make a web browser probably doesn't, but then he probably wouldn't even know where to start anyway. To solve this issue, Apple can simply require third party REAL browsers be digitally signed (and no, the fee does not go to Apple - a third party signing service can be used). Other developers can continue to use UIWebview if they want.

The same goes for Windows Phone (of which I have one and am very proud of).
If you disagree it's only because you don't fully understand what allowing this would do. Let me see if I can explain this properly:

UIWebView is actually restricted, unlike Safari which uses the Nitro 2 JS Engine. Why? Because the latter requires unsigned code to run. Allowing any web browsers to run unsigned code opens a huge hole in iOS security not only from the inside (developers being malicious) but from the outside -- as maliciously crafted websites can now exploit the browser to gain access to iOS. Apple can employ whatever security steps are necessary to protect from threats, but they can't depend on that from third party developers.

Just look at FireFox, Chrome, Opera, Safari, etc., on Mac or PC. They each have been exploited. It's the way things are, but imagine that on iOS? That's exactly what Apple doesn't want. (Keep in mind that Mobile Safari differs from Safari.)

I'll emphasise that it isn't so much about the developers making web browsers exploiting the system (though this is possible) but malware being able to get into iOS because of exploits in the browsers.
Edited by steelbom - 3/18/13 at 4:29pm
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
post #84 of 105
Quote:
Originally Posted by ImmortalKenny View Post

Alright, just like Android users have no sense of consistent design principles. Don't agree with me? You have no sense of humor.

stock standard android is pretty consistent, OEM themes and user personalization on the other hand no but the useability and feel remains the same across the board
post #85 of 105
Quote:
Originally Posted by steelbom View Post

If you disagree it's only because you don't fully understand what allowing this would do. Let me see if I can explain this properly:

UIWebView is actually restricted, unlike Safari which uses the Nitro 2 JS Engine. Why? Because the latter requires unsigned code to run. Allowing any web browsers to run unsigned code opens a huge hole in iOS security not only from the inside (developers being malicious) but from the outside -- as maliciously crafted websites can now exploit the browser to gain access to iOS. Apple can employ whatever security steps are necessary to protect from threats, but they can't depend on that from third party developers.

Just look at FireFox, Chrome, Opera, Safari, etc., on Mac or PC. They each have been exploited. It's the way things are, but imagine that on iOS? That's exactly what Apple doesn't want. (Keep in mind that Mobile Safari differs from Safari.)

I'll emphasise that it isn't so much about the developers making web browsers exploiting the system (though this is possible) but malware being able to get into iOS because of exploits in the browsers.

I disagree because I disagree. Telling me I don't fully understand is arrogant and ignorant on your part. I am fully aware of the shortcomings. UIWebView is restricted but it doesn't prevent security holes. I wasn't talking about developers being malicious either, so not sure why that's in your response. Who's to say there's not a security flaw in the Nitro JS engine, or who's to say, even with restrictions, there's no flaw in UIWebView?

As for "Apple can employ whatever security steps are necessary to protect from threats"... that's even more ignorant from another narrow minded Apple user - are you trying to say that Apple is the be all and end all for protecting from threats? Or are you saying Apple doesn't trust third-party big name developers (i.e. Mozilla)? Now I don't know about you, but I'd say Mozilla have a fair amount of experience in the web browser department, wouldn't you? Either way Apple are being silly. And its the same for Microsoft on Windows Phone.

Oh yeah, keep in mind that mobile Firefox well... would differ from Firefox.
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
post #86 of 105
Quote:
Originally Posted by tompsonn View Post

Quote:
Originally Posted by steelbom View Post

If you disagree it's only because you don't fully understand what allowing this would do. Let me see if I can explain this properly:

UIWebView is actually restricted, unlike Safari which uses the Nitro 2 JS Engine. Why? Because the latter requires unsigned code to run. Allowing any web browsers to run unsigned code opens a huge hole in iOS security not only from the inside (developers being malicious) but from the outside -- as maliciously crafted websites can now exploit the browser to gain access to iOS. Apple can employ whatever security steps are necessary to protect from threats, but they can't depend on that from third party developers.

Just look at FireFox, Chrome, Opera, Safari, etc., on Mac or PC. They each have been exploited. It's the way things are, but imagine that on iOS? That's exactly what Apple doesn't want. (Keep in mind that Mobile Safari differs from Safari.)

I'll emphasise that it isn't so much about the developers making web browsers exploiting the system (though this is possible) but malware being able to get into iOS because of exploits in the browsers.
I disagree because I disagree. Telling me I don't fully understand is arrogant and ignorant on your part. I am fully aware of the shortcomings.
No need to bite at me. It's neither arrogant nor ignorant. I said that you don't fully understand because of what you wrote.
Quote:
UIWebView is restricted but it doesn't prevent security holes.
That's correct, but releasing the restrictions will make security holes.
Quote:
I wasn't talking about developers being malicious either, so not sure why that's in your response.
When you said:
Quote:
I get that Apple is probably trying to help security by disallowing browsers to get their own feet wet, but I think it reeks of distrust on Apple's part.

Emphasis in bold. If not the developers, who would Apple distrust?
Quote:
Who's to say there's not a security flaw in the Nitro JS engine, or who's to say, even with restrictions, there's no flaw in UIWebView?
Nothing. But the difference is the job is in Apple's hands, not some third party developers.
Quote:
As for "Apple can employ whatever security steps are necessary to protect from threats"... that's even more ignorant from another narrow minded Apple user - are you trying to say that Apple is the be all and end all for protecting from threats?

Or are you saying Apple doesn't trust third-party big name developers (i.e. Mozilla)? Now I don't know about you, but I'd say Mozilla have a fair amount of experience in the web browser department, wouldn't you? Either way Apple are being silly. And its the same for Microsoft on Windows Phone.
Sigh, why be rude? It's not ignorant or narrow minded at all. Of course I'm not saying that -- how on earth would you read that from what I wrote?

Apple has an image to maintain, and that is that iOS is completely secure. They won't jeopardize that for anything. Allowing apps to interpret and execute their own code adds a whole new set of security issues, and then the fact that these apps will be running their own JS engine adds a heap more.

No way is Apple going to trust another developer (Mozilla, Google or otherwise) to secure their browser. It's not as if these mobile browsers on Android haven't been exploited before, no? Heard much from Mobile Safari? I can't remember anything specifically.
Quote:
Oh yeah, keep in mind that mobile Firefox well... would differ from Firefox.
I know that. But it's still in Mozilla's hands.
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
post #87 of 105
Quote:
Originally Posted by steelbom View Post

No need to bite at me. It's neither arrogant nor ignorant. I said that you don't fully understand because of what you wrote.

You're the one going around telling people they don't fully understand something. Which IS both ignorant and arrogant. We'll leave it at that.
Quote:
Originally Posted by steelbom View Post

That's correct, but releasing the restrictions will make security holes.

It opens the possibility for further security holes, it doesn't all of a sudden on the fly manufacture them. The restrictions obviously help, but restrictions or not, in software, chance of security flaw is always going to be there.
Quote:
Originally Posted by steelbom View Post

When you said:
Emphasis in bold. If not the developers, who would Apple distrust?

My comment had nothing to do with the developers being malicious, and everything to do with Apple not trusting them to create a fully fledged web browser for the iOS platform. This, my friend, is "anti-trust" and frankly the EU and other countries where anti-trust law exists, should be stepping in there - in my opinion.
Quote:
Originally Posted by steelbom View Post

Nothing. But the difference is the job is in Apple's hands, not some third party developers.

So Apple doesn't trust them (by "them", I don't mean some idiot down the road, I mean Mozilla and other big names).
Quote:
Originally Posted by steelbom View Post

Sigh, why be rude? It's not ignorant or narrow minded at all. Of course I'm not saying that -- how on earth would you read that from what I wrote?

Apple has an image to maintain, and that is that iOS is completely secure. They won't jeopardize that for anything. Allowing apps to interpret and execute their own code adds a whole new set of security issues, and then the fact that these apps will be running their own JS engine adds a heap more.

No way is Apple going to trust another developer (Mozilla, Google or otherwise) to secure their browser. It's not as if these mobile browsers on Android haven't been exploited before, no? Heard much from Mobile Safari? I don't think so.

As rude as telling someone they don't fully understand something? You can certainly dish it, but you crawl into a hole when you get it back. It is even more ignorant by telling me that iOS is completely secure. There is ZERO software out there that is completely secure.
Why shouldn't Apple trust them? And why should a consumer trust Apple's browser to be more secure over one of Mozilla automatically?

Yeah they've been exploited. But then so has Safari on iOS.

http://thenextweb.com/apple/2012/09/19/dutch-security-researchers-hack-apple-iphone-4s-exploiting-safari/
http://www.tuaw.com/2012/09/20/safari-exploit-used-to-gain-control-of-iphone-at-pwn2own/
http://www.idownloadblog.com/2012/09/19/iphone-4s-pwn2own/
http://appleinsider.com/articles/12/03/22/safari_vulnerability_in_ios_51_allows_url_spoofing
http://iphoneblogr.com/2012/03/ios-5-safari-exploit-allows-url-spoofing/
http://www.letsunlockiphone.com/hack-ios-6-safari-browser-certified-secure/

I posted multiple sources for some on purpose.

Oh .. also

http://www.afterdawn.com/news/article.cfm/2011/03/11/pwn2own_chrome_android_firefox_own_safari_ie8_ios_bb_get_pwned

Yeah it's old, but that's semantics and if we bring that here it all goes down the tube fairly quickly because then its tit for tat which gets no where.

Enjoy your completely secure iOS! And I'll enjoy my (knowingly) not completely secure Windows Phone and Android smile.gif
Quote:
Originally Posted by steelbom View Post

I know that. But it's still in Mozilla's hands.

So? What's wrong with Mozilla? Apple could partner with Mozilla or other companies if they want or don't fully "trust" them.
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
post #88 of 105
Quote:
Originally Posted by tompsonn View Post

You're the one going around telling people they don't fully understand something. Which IS both ignorant and arrogant. We'll leave it at that.
It's neither of those things. What's wrong with telling someone they don't fully understand something? I fail to see how that is insulting. If you said that to me, I wouldn't be offended. I don't really understand why you took it offensively. It wasn't meant to be.
Quote:
It opens the possibility for further security holes, it doesn't all of a sudden on the fly manufacture them. The restrictions obviously help, but restrictions or not, in software, chance of security flaw is always going to be there.
I never said it makes security issues, but it does make security holes, and they can be exploited. Lots of them, too.
Quote:
My comment had nothing to do with the developers being malicious, and everything to do with Apple not trusting them to create a fully fledged web browser for the iOS platform. This, my friend, is "anti-trust" and frankly the EU and other countries where anti-trust law exists, should be stepping in there - in my opinion.
Well then there's the misunderstanding. I thought you were inferring that Apple doesn't trust the developers to not make malicious software. (Which they shouldn't anyway, because some would.)

I disagree that it's an "anti-trust" issue though. Apple has valid reasons to restrict any kind of app (including web browsers) from compiling, interpreting or executing code.
Quote:
So Apple doesn't trust them (by "them", I don't mean some idiot down the road, I mean Mozilla and other big names).
I don't think Apple trusts anyone to "take care" of their "perfect world." If they allowed Mozilla to make a FireFox app for iOS which used its own JS engine and so forth, it would most definitely put onus on Mozilla to make sure they keep it secure.

Apple doesn't care about the app. They care about the news that an exploit managed to infect an iOS user through Mozilla. You should know how absolutely anal they are about maintaining their perfect image.
Quote:
As rude as telling someone they don't fully understand something? You can certainly dish it, but you crawl into a hole when you get it back. It is even more ignorant by telling me that iOS is completely secure. There is ZERO software out there that is completely secure.
Not to me. I'll apologize if I offended you by saying you don't fully understand the situation, it wasn't meant as an insult at all.

However I'll remind you that my post you responded to said: "it doesn't exclude the fact that allowing web browsers to do those things would open security holes in iOS." The start of your reply was "I don't agree."

And it was at that point (and also in some parts of your post) that I got the impression you didn't fully understand what would happen by allowing apps to execute or interpret code. As it most absolutely would open many security holes. (I never stated that Mobile Safari or UIWebView doesn't have any security issues, but they're handled by Apple.)

Oh and one last thing. I did not say iOS is completely secure -- I said I can't remember any specific exploits for Mobile Safari. Not iOS.
Quote:
Why shouldn't Apple trust them? And why should a consumer trust Apple's browser to be more secure over one of Mozilla automatically?
No one's as anal as Apple about making sure iOS is secure. They don't want iOS being perceived as vulnerable to malware. Why should a consumer trust Safari over another browser? No reason either way. This is the original source for the Pwn2Own links: http://www.zdnet.com/mobile-pwn2own-iphone-4s-hacked-by-dutch-team-7000004498/

Thanks for the link, it's a valid instance of an exploit. They exploited a zero-day in WebKit. The end part of the hack was using the JIT debugger to run unsigned code -- which would be the problem with letting third party browsers do this. I do remember the URL spoofing one now.

As bad as it is though having your contacts, browsing history, videos and photos stolen, worse can still be done on Android -- see the last link you posted.
Quote:
Oh .. also

http://www.afterdawn.com/news/article.cfm/2011/03/11/pwn2own_chrome_android_firefox_own_safari_ie8_ios_bb_get_pwned

Yeah it's old, but that's semantics and if we bring that here it all goes down the tube fairly quickly because then its tit for tat which gets no where.

Enjoy your completely secure iOS! And I'll enjoy my (knowingly) not completely secure Windows Phone and Android smile.gif
It's talking about mobile browsers and desktop browsers. It wasn't clear whether Chrome or FireFox on Android were exploited.

Again I never said iOS was completely secure. Nothing is.
Quote:
So? What's wrong with Mozilla? Apple could partner with Mozilla or other companies if they want or don't fully "trust" them.
See my other answers above.
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
Kasuf
(9 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 6600K ASRock Z170 Pro4 ASUS Radeon RX 480 ROG Strix Corsair Vengeance LPX 32GB 3000MHz 
Hard DriveCoolingMonitorPower
Samsung 850 EVO Noctua NH-D15 LG 34" Ultrawide (LG34UC98) Corsair HX750i 
Case
Silverstone FT05B-W 
  hide details  
Reply
post #89 of 105
Here's a break in the discussion between "steelbom" and "tompsonn" but just thought I'd throw my two cents in this thread...who cares at all about mobile browsers? Mobile devices are overrated tongue.gif

After reading through this thread I'm really going to be the odd one out but after 15 years of owning mobile devices ranging from Nokia's, Motorola's, Sony Ericsson's, BlackBerry's, iOS and Androids, I've finally decided to live "off the grid" since the Summer of 2012. For most who cannot live or operate without a mobile device (typically Generation Y which I am part of as well), this might be a hard thing to understand but for anyone who has done this will understand that freeing yourself from a mobile device is truly liberating. IMO they are a distraction and nuisance that's marketed in a fashion that people believe they cannot live without them. Already groups of mobile zombies are walking our streets with their face glued to their devices unaware of what's happening around them, unfortunately there is no escape and it's only getting worse day by day. Most will contest saying they bring you all sorts of cool apps and tools to help you with the modern society lifestyle that's been widely adopted because of our "busy lives" and I cannot say you're wrong if its you're opinion, there was a time when I used to think that way too!

One of the main reasons why I freed myself was that I felt I was becoming "dumb" because Id rely too much on my phone to remember phone numbers, appointments, GPS for directions, web searches, etc... This is also not to mention the fact that a whack load of people who expect replies to their text message within short periods of time (I'll reply when I feel like it! Don't text me why I haven't text you back yet!) and people calling me when its convenient for them without a clue if its convenient for me, essentially being too easily reachable. I still own a mobile device today but it serves as a glorified alarm clock and home phone because it never leaves the house, has no data plan nor voice mail and only a voice plan.

I can honestly say that since I stopped carrying a device around, my memory has been getting better day by day because I'm actually forcing my brain to remember things. I can remember most ot all of the phone numbers I would need (family, friends, etc...), I can remember my appointments without relying on an electronic calendar/organizer and I can remember directions to where people live and even in foreign cities all without the use of a GPS. Plus instead of whipping out my phone to play some games, surf or text/call annoy someone while I wait around somewhere, I actually take the time to make myself aware of my surroundings, appreciate the small things in life that are so easily overlooked and let my mind process thoughts and ideas that I would otherwise not think of if I was playing a game, keeping busy on my device, etc... I would believe that this sounds absurd to most of you but as I said when I was younger I also raved about them and how they made things easier until I woke up and realized that they were not helping me but actually hurting me more than anything. Again this is my opinion and I'm not bashing on anyone who owns a mobile device as I believe nowadays at least 95% of people around us carry them around, I just choose not too! smile.gif
ECHELON
(21 items)
 
Budget Performer
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7-3770K @ 4.5GHz ASUS P8Z77 WS 2 x MSI GTX670 OC Edition 2GB in SLI Corsair Vengeance Blue 4x4GB 1600MHz 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro 128GB SDD Samsung 840 Pro 128GB SDD 2 x WD VelociRaptor 1TB in RAID 0 LG 24x DVD-Writer 
CoolingCoolingCoolingCooling
EK Supremacy CPU block Swiftech MCP655 with EK D5 X-Top Swiftech MicroRes XSPC EX240 radiator 
CoolingCoolingCoolingCooling
XSPC EX120 radiator 2 x EK FC670 GTX GPU block with EK backplates EK FC Bridge parallel 5 x GELID Wing 12 UV Blue 120mm fans 
MonitorKeyboardPowerCase
ASUS VG248QE Silver Corsair Vengeance K70 Seasonic Platinum Series 860W NZXT Tempest 410 Elite 
Mouse
Razer DeathAdder 
CPUMotherboardGraphicsRAM
Intel Core i5-3570 ASUS P8Z77-V LK Sapphire Radeon HD6750 Corsair Vengeance LP 2x8GB DDR3 1600 
Hard DriveOptical DriveOSMonitor
OCZ Vertex 3 120GB SSD LG 24x DVD-Writer Windows 7 Ultimate x64 ASUS VS238H 
PowerCase
Corsair Enthusiast Series VX550 Corsair Carbide Series 200R 
  hide details  
Reply
ECHELON
(21 items)
 
Budget Performer
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7-3770K @ 4.5GHz ASUS P8Z77 WS 2 x MSI GTX670 OC Edition 2GB in SLI Corsair Vengeance Blue 4x4GB 1600MHz 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro 128GB SDD Samsung 840 Pro 128GB SDD 2 x WD VelociRaptor 1TB in RAID 0 LG 24x DVD-Writer 
CoolingCoolingCoolingCooling
EK Supremacy CPU block Swiftech MCP655 with EK D5 X-Top Swiftech MicroRes XSPC EX240 radiator 
CoolingCoolingCoolingCooling
XSPC EX120 radiator 2 x EK FC670 GTX GPU block with EK backplates EK FC Bridge parallel 5 x GELID Wing 12 UV Blue 120mm fans 
MonitorKeyboardPowerCase
ASUS VG248QE Silver Corsair Vengeance K70 Seasonic Platinum Series 860W NZXT Tempest 410 Elite 
Mouse
Razer DeathAdder 
CPUMotherboardGraphicsRAM
Intel Core i5-3570 ASUS P8Z77-V LK Sapphire Radeon HD6750 Corsair Vengeance LP 2x8GB DDR3 1600 
Hard DriveOptical DriveOSMonitor
OCZ Vertex 3 120GB SSD LG 24x DVD-Writer Windows 7 Ultimate x64 ASUS VS238H 
PowerCase
Corsair Enthusiast Series VX550 Corsair Carbide Series 200R 
  hide details  
Reply
post #90 of 105
Quote:
Originally Posted by steelbom View Post

It's neither of those things. What's wrong with telling someone they don't fully understand something? I fail to see how that is insulting. If you said that to me, I wouldn't be offended. I don't really understand why you took it offensively. It wasn't meant to be.

That's fine, we're all different.
Quote:
Originally Posted by steelbom View Post

I never said it makes security issues, but it does make security holes, and they can be exploited. Lots of them, too.
Well then there's the misunderstanding. I thought you were inferring that Apple doesn't trust the developers to not make malicious software. (Which they shouldn't anyway, because some would.)

Security hole, security issue; poe-tay-toe, poe-tah-toe. It doesn't all of a sudden manufacture a security flaw in the code... Because, get this - if Apple allows UIWebView to use Nitro, then any security flaw found would also apply to Safari on mobile, meaning that Nitro must FIRST be secure to be used in Safari. Assuming that it is, a security flaw would not just all of a sudden make its way into UIWebView apps (if they were allowed to use Nitro).

Sure it reduces the attack surface, but no flaw in Nitro with Safari == no flaw in UIWebView with Nitro support.
Quote:
Originally Posted by steelbom View Post

I disagree that it's an "anti-trust" issue though. Apple has valid reasons to restrict any kind of app (including web browsers) from compiling, interpreting or executing code.
I don't think Apple trusts anyone to "take care" of their "perfect world." If they allowed Mozilla to make a FireFox app for iOS which used its own JS engine and so forth, it would most definitely put onus on Mozilla to make sure they keep it secure.

That's fine, the anti-trust was just my opinion. I would agree, Mozilla would need to keep it secure, and they could do a good a job as Apple could.
Quote:
Originally Posted by steelbom View Post

Apple doesn't care about the app. They care about the news that an exploit managed to infect an iOS user through Mozilla. You should know how absolutely anal they are about maintaining their perfect image.
Not to me. I'll apologize if I offended you by saying you don't fully understand the situation, it wasn't meant as an insult at all.

Their image isn't perfect... Apology accepted anyway!
Quote:
Originally Posted by steelbom View Post

However I'll remind you that my post you responded to said: "it doesn't exclude the fact that allowing web browsers to do those things would open security holes in iOS." The start of your reply was "I don't agree."

Fair point actually, I did mean that I didn't agree with this whole thing, but I quoted your post. Why, I don't know, but there's no going back for me now!
Quote:
Originally Posted by steelbom View Post

And it was at that point (and also in some parts of your post) that I got the impression you didn't fully understand what would happen by allowing apps to execute or interpret code. As it most absolutely would open many security holes. (I never stated that Mobile Safari or UIWebView doesn't have any security issues, but they're handled by Apple.)

As a developer, I understand wholly. Security issues on Apple are handled by Apple. Security issues with Mozilla would be handled by... you guessed it, Mozilla. What's the difference? Apple pushes an update, Mozilla pushes an update. Same deal.
Quote:
Originally Posted by steelbom View Post

Oh and one last thing. I did not say iOS is completely secure -- I said I can't remember any specific exploits for Mobile Safari. Not iOS.

Yes you did.
Quote:
Originally Posted by steelbom View Post

No one's as anal as Apple about making sure iOS is secure. They don't want iOS being perceived as vulnerable to malware. Why should a consumer trust Safari over another browser? No reason either way.
This is the original source for the Pwn2Own links: http://www.zdnet.com/mobile-pwn2own-iphone-4s-hacked-by-dutch-team-7000004498/

Thanks for the link, it's a valid instance of an exploit. They exploited a zero-day in WebKit. The end part of the hack was using the JIT debugger to run unsigned code -- which would be the problem with letting third party browsers do this. I do remember the URL spoofing one now.

Fair enough but I still think big name browsers should be allowed.
Quote:
Originally Posted by steelbom View Post

As bad as it is though having your contacts, browsing history, videos and photos stolen, worse can still be done on Android -- see the last link you posted.
It's talking about mobile browsers and desktop browsers. It wasn't clear whether Chrome or FireFox on Android were exploited.

OK.
Quote:
Originally Posted by steelbom View Post

Again I never said iOS was completely secure. Nothing is.

Yes you did.
Quote:
Originally Posted by steelbom View Post

See my other answers above.

I'll end my discussion with this quote from post #86 (by you):
Quote:
Apple has an image to maintain, and that is that iOS is completely secure.

You twice said above that you never said iOS is completely secure, however you did. In that post. Right there.
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
Ol' Sandy
(28 items)
 
"Zeus"
(12 items)
 
Elite Preview
(6 items)
 
CPUMotherboardGraphicsRAM
Intel Xeon E3-1230v3 Gigabyte GA-Z97X-UD5H-BK MSI Gaming GTX 980 Kingston 32GB (4x8) 
Hard DriveHard DriveHard DriveHard Drive
Plextor PX-256M5S 256GB Samsung EVO 1TB Hitachi HDS721010CLA332 Hitachi HDS723020BLA642 
Hard DriveHard DriveHard DriveOptical Drive
Hitachi HDS723020BLA642 Hitachi HUA722010CLA330 WDC WD10EARS-00Z5B1 TSSTcorp CDDVDW SH-S223B 
CoolingCoolingOSMonitor
Phanteks PH-TC14PE with TY-140's Lamptron FCv5 (x2) Windows 8 Pro 64-bit Dell U2412M 
MonitorMonitorMonitorKeyboard
Dell U2412M Dell U2212HM Dell U2713HM Topre Realforce 87UB | Ducky DK9087 G2 Pro 
PowerCaseMouseMouse Pad
Corsair AX-750 Corsair Obsidian 650D Logitech G700 XTRAC Ripper XXL 
AudioAudioAudioAudio
Beyerdynamic DT-770 Pro 250ohm Schiit Bifrost DAC Schiit Asgard 2 HiVi Swan M50W 2.1 
CPUMotherboardRAMHard Drive
Intel Xeon E5-2620 Super Micro X9SRL-F-B 128GB 1333MHz LSI 9271-8i 
OSPowerCase
VMware ESXi 5.5 SeaSonic SS-400FL2 Fractal Define R3 
CPUMotherboardGraphicsRAM
Intel Core i5-3437U HP EliteBook Folio 9470m  Intel HD Graphics 4000  16GB DDR3 SDRAM 
Hard DriveOS
256GB SSD Windows 10 Insider Preview 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [Ars] Firefox is out of the iOS game until Apple changes its ways