Craig Federighi ; side loading is a cybercriminal’s best friend

[Commodus]

24 minutes ago, mr moose said:

And apples marketing was/is the most superior in the world.  I believe they won some of the most prestigious awards for brand marketing 10 years in a row.

 

 

I warn people not to read it if they are prone to nausea from companies pretending their motives are pure in marketing:

 

https://cmosurvey.org/award-winners/

 

 

 

Apple has very slick marketing, but that was really the icing on the proverbial cake. The iPhone was simply a much better product to sell than what Nokia was offering.

 

I still remember trying an N95 at the time and marvelling at just how poorly designed S60 was. You had to specify the  connection method every time you wanted to do something online, as if using the internet was a total novelty. And the OS was so unstable that it was virtually guaranteed it would melt into a virtual puddle every 2-3 days. In hindsight, I wonder how Nokia wasn't completely destroyed by BlackBerry (then RIM) or Windows Mobile before the iPhone even showed up. Those platforms at least had more polish.

[Paul Thexton]

1 minute ago, Commodus said:

Apple has very slick marketing, but that was really the icing on the proverbial cake. The iPhone was simply a much better product to sell than what Nokia was offering.

 

I still remember trying an N95 at the time and marvelling at just how poorly designed S60 was. You had to specify the  connection method every time you wanted to do something online, as if using the internet was a total novelty. And the OS was so unstable that it was virtually guaranteed it would melt into a virtual puddle every 2-3 days. In hindsight, I wonder how Nokia wasn't completely destroyed by BlackBerry (then RIM) or Windows Mobile before the iPhone even showed up. Those platforms at least had more polish.

The last Nokia I owned was a low to mid level phone running the same OS as Nokia’s premium phones with more beefy silicon. It was *awful*, when I pressed the menu key I could sometimes count to 2 seconds before anything happened. 
 

I also had a couple of Blackberries and can confirm they had the same problem of the more budget end of the phones struggling to run the OS and remain responsive.

 

During my last couple of Nokias and 2 Blackberries I always felt I should’ve stuck to my Nokia 6310i. 

[mr moose]

9 hours ago, Commodus said:

Apple has very slick marketing, but that was really the icing on the proverbial cake. The iPhone was simply a much better product to sell than what Nokia was offering.

 

I still remember trying an N95 at the time and marvelling at just how poorly designed S60 was. You had to specify the  connection method every time you wanted to do something online, as if using the internet was a total novelty. And the OS was so unstable that it was virtually guaranteed it would melt into a virtual puddle every 2-3 days. In hindsight, I wonder how Nokia wasn't completely destroyed by BlackBerry (then RIM) or Windows Mobile before the iPhone even showed up. Those platforms at least had more polish.

 

Apple killed Nokia,  apples marketing made smart phones popular, Not just for iphone but across the board. BB enjoyed growth at the almost the same rate as apple which is what started nokia's decline, but what really killed nokia and BB together was android (mostly Samsung).

 

 

As you can see BB enjoyed 2 years of Smart phone leadership until samsung ramped up at the end of 2009, by the middle of 2010 BB was in decline and samsung was taking market from both Nokia and BB while apple held ground.

[Vishera]

On 11/7/2021 at 8:10 AM, Arika S said:

On 11/7/2021 at 7:10 AM, saltycaramel said:

1) optional —> people that shouldn’t do it get step-by-step tricked into doing it —> bad things ensue. PROOF: decades of this happening on PCs

where are all the people getting tricked into doing it on android? it is the least efficient way of getting information out of people. Same thing with Linux. Trying to install something you don't really know about on Linux? "hey just run this script in terminal with sudo" and yet Linux isn't riddled with malware despite god knows how many people running commands they don't understand. People still get tricked by fake IRS and Microsoft scammers, so should phone providers start screening every single call to make sure you don't get a scam call come through?

 I side load all of my apps and Android actually has a protection against such situations (I encountered it and that's how i know it)

 

At first android won't let you launch the installer of the APP from the browser with a scary message that it may harm your device.

Then to make that message disappear and try to launch to app you have more steps to do,

And then when you try to side load it again it won't let you launch it - again.

Now you have to allow the installation of apps from unknown sources in the settings.

And only then it will launch.

 

I am fairly certain that all of those measures will deter most people from side loading altogether.

[Commodus]

12 hours ago, mr moose said:

 

Apple killed Nokia,  apples marketing made smart phones popular, Not just for iphone but across the board. BB enjoyed growth at the almost the same rate as apple which is what started nokia's decline, but what really killed nokia and BB together was android (mostly Samsung).

 

 

As you can see BB enjoyed 2 years of Smart phone leadership until samsung ramped up at the end of 2009, by the middle of 2010 BB was in decline and samsung was taking market from both Nokia and BB while apple held ground.

Oh, Android was definitely the long-term killer of Nokia and most other non-Apple platforms. But you can definitely tell the iPhone had a pronounced effect (see that huge dip at the start of 2008), and Nokia scrambled to produce an answer to Apple with phones like the 5800 XpressMusic — Android wasn't really on the radar at that point. If Android was the knife in the back, iPhone was the punch in the gut that signalled trouble was here.

[ouroesa]

On 11/4/2021 at 2:24 PM, Bombastinator said:

but Lillies are so dangerous to cats that merely having them in a house can kill them. ?

They still need to ingest it and not be treated for a day or three so before they die due to kidney failure. It's toxic to them. Just having them being near it will have next to no effect. 
It's got nothing to do with their immune systems, which are really robust by the way. 

Next time, take your head out of your arse before speaking and spreading falsehoods like its truth.

[Bombastinator]

34 minutes ago, ouroesa said:

They still need to ingest it and not be treated for a day or three so before they die due to kidney failure. It's toxic to them. Just having them being near it will have next to no effect. 
It's got nothing to do with their immune systems, which are really robust by the way. 

Next time, take your head out of your arse before speaking and spreading falsehoods like its truth.

I was told even the presence of Lilly pollen in the air could cause problems.  If this is not true then of course the connected concept that merely being in the presence of Lillies (because they all have those big yellow things.  Anthers? Stamens? I forget.  They’ve got both) would cause problems does not follow.  I think part of this is we are using different definitions of immune system here. Cats have a fairly robust immune system (when talking about things like white blood cells and stuff, which I wasn’t.  Intestines don’t even fit in that definition) when accusing people of talking out of their buttocks as you have so done perhaps you should yourself to make sure it is not you who are doing so.  I don’t mind the statement about the concept of the word “immune” and I don’t know enough about Lilly pollen or cats reactions to it to say anything other than what I was told, but the whole accusation about arses seems rather oddly specific.  Is there an axe you have to grind here?  This reminds me of a situation I ran into as a child where I learned that human farts contain gasses that were bad for plants.  Another child then farted on a leaf and when the plant did not then immediately die called me a liar, as you have just done, if not in quite so many words.  His reaction also included insults.  In his case there was also jumping around and dancing.

Edited November 8, 2021 by Bombastinator

[ouroesa]

6 minutes ago, Bombastinator said:

I was told even the presence of Lilly pollen in the air could cause problems.  If this is not true then of course the connected concept that merely being in the presence of Lillies (because they all have those big yellow stamens) would cause problems does not follow.

'Could' being the operative but in the real world, its extremely unlikely that the amount the will come into contact with via normal pollen distribution will cause any issues. They need to ingest quite a bit (>10g of plant material, less pollen but pollen is less on a plant, also depends on the type of lily.) to cause serious issues (contrary to what you will find on the interwebs)

[Bombastinator]

23 minutes ago, ouroesa said:

'Could' being the operative but in the real world, its extremely unlikely that the amount the will come into contact with via normal pollen distribution will cause any issues. They need to ingest quite a bit (>10g of plant material, less pollen but pollen is less on a plant, also depends on the type of lily.) to cause serious issues (contrary to what you will find on the interwebs)

So is it merely that the pollen is material from the plant and is no more dangerous than other material from the plant?  It would have to be a good bit MORE dangerous than the rest of the plant by weight for there to be a problem.  If it’s merely that the plant sheds dust of itself that tends to float in the air there wouldn’t be enough of it by weight for anything fast acting or serious.  Non serious problems I’m not sure count or not.  They might have for the person who originally relayed that information to me.  She is the type of person to do multi-time daily intravenous drips for her cats and recently spent $600 on specialty cat food (her number) made with venison because her 3 cats were having diarrhea 

Edited November 8, 2021 by Bombastinator

[ouroesa]

You are getting more and more off topic. Pollen, generally, is more toxic than the plants (but much, much less is produced by weight compared to the rest of the plant).

How many times have you died from walking by a toxic plant an breathing in the pollin (such as an Oleander in a parkland, many of them here in AUS)?

 

Think, then speak, please. 

[Bombastinator]

8 minutes ago, ouroesa said:

You are getting more and more off topic. Pollen, generally, is more toxic than the plants (but much, much less is produced by weight compared to the rest of the plant).

How many times have you died from walking by a toxic plant an breathing in the pollin (such as an Oleander in a parkland, many of them here in AUS)?

 

Think, then speak, please. 

Right back atcha.  I’m not sure it was ever more than briefly off topic.  The issue is assumption and comparison.   This is the thing people take issue with in the initial statement the topic is about, and what is being done with the cat/flower thing.  You make statements about pollen in general and compare human reaction as being a good model for cat reaction.  Those are not the issues.  In the cat pollen thing it is specifically Lilly pollen and cats. In the apple thing it is specifically iOS and where that OS is used.  Generalization only may or may not be accurate.  

Edited November 8, 2021 by Bombastinator

[saltycaramel]

Tim Cook (basically): “just buy an Android phone and you’ll get all the sideloading your heart desires”

 

https://www.macrumors.com/2021/11/09/tim-cook-users-sideloading-use-an-android/

 

What does the man have to say more than “look, just buy an Android, I’m begging you, that’s the beauty of choice”? Not much to argue about that. 

[Bombastinator]

1 hour ago, saltycaramel said:

Tim Cook (basically): “just buy an Android phone and you’ll get all the sideloading your heart desires”

 

https://www.macrumors.com/2021/11/09/tim-cook-users-sideloading-use-an-android/

 

What does the man have to say more than “look, just buy an Android, I’m begging you, that’s the beauty of choice”? Not much to argue about that. 

It could also be read: “we’re just not doing this. Period.  You want sideload go elsewhere really.  You can, so do it.”

 

There are possibilities of the why if it I find possibly disturbing. “Not” can have various reasons. Could just be a “don’ wanna” but it could also be a “can’t”.

 

There may be a weak implication that they can’t  for structural reasons, but it is at best nebulous.    It may be that they have problem problems because the software they have lacks adequate defense against non-trusted systems and they therefore HAVE to do it this way. I could see it playing hob with their system integration stuff.  Perhaps they’re just stuck with a trusted computing system environment and they can’t get out of it.  Which worries me.  It’s really weak though.  So much so it might not exist. 

[saltycaramel]

They “won’t” because the benefit of appeasing the few who would actually sideload apps is outweighed by the priority of not jeopardising iOS security.

 

Simple as that. 

 

So they say: “If that’s important for you, please, please buy an Android phone. We’re maximising for security but we are aware of devices that strike a different balance and you’re welcome to buy those.”

[mr moose]

6 hours ago, saltycaramel said:

They “won’t” because the benefit of appeasing the few who would actually sideload apps is outweighed by the priority of not jeopardising iOS security.

 

 

Argument only works if it actually jeopardizes anything.  It doesn't therefore not an argument.

[Bombastinator]

9 hours ago, saltycaramel said:

They “won’t” because the benefit of appeasing the few who would actually sideload apps is outweighed by the priority of not jeopardising iOS security.

 

Simple as that. 

 

So they say: “If that’s important for you, please, please buy an Android phone. We’re maximising for security but we are aware of devices that strike a different balance and you’re welcome to buy those.”

Perhaps.  It’s a significant possibility.  Reason and justification aren’t always the same thing though.

[AnonymousGuy]

17 hours ago, mr moose said:

Argument only works if it actually jeopardizes anything.  It doesn't therefore not an argument.

Look we got an iOS security expert here with the confidence to say sideloading can't possibly introduce any security problems.  Are you going to say that no one ever installs viruses on their PCs next? 

 

The day you allow sideloading on iOS is the day grandma fucks her iPhone up because she's just going to blindly follow some screenshot see sees on facebook that says "tap these obscure links, uncheck all these "silly" security settings, and you have candybirds 69 installed in a jiffy".

 

Praise Apple for not listening to the handful of techies who don't even own iPhones offering shit suggestions for how to implement iOS.

[Bombastinator]

19 minutes ago, AnonymousGuy said:

Look we got an iOS security expert here with the confidence to say sideloading can't possibly introduce any security problems.  Are you going to say that no one ever installs viruses on their PCs next? 

 

The day you allow sideloading on iOS is the day grandma fucks her iPhone up because she's just going to blindly follow some screenshot see sees on facebook that says "tap these obscure links, uncheck all these "silly" security settings, and you have candybirds 69 installed in a jiffy".

 

Praise Apple for not listening to the handful of techies who don't even own iPhones offering shit suggestions for how to implement iOS.

From what I have seen so far there is an argument that the amount of trouble caused by phones that sideload is fairly minimal.  It’s based on world wide numbers though which may not be useful alone in this specific case. There is a granularity issue which may obscure an actual problem.  There may also be other problems specific to either iOS or things that run on iOS.  iOS does some things that are quite different than android. I don’t know what those repercussions might be if any.  There does seem to be a repetitive assumption about apple motivation here.  I don’t know if it’s necessarily an incorrect assumption, but there is a lack of evidence that in Apple’s specific case they actually make a bunch of money from the behavior.  Even if they do though, there may also be other issues at play.  If there are any hardware or software specific things that make something running iOS MORE vulnerable to sideload malware, minimizing them would be a good idea if possible even if they don’t ever side-load.  That it would be nice for consumers if there was more software for iPhones available is I think unarguable, but I don’t know if that itself is enough of an argument.

Edited November 10, 2021 by Bombastinator

[AnonymousGuy]

2 minutes ago, Bombastinator said:

From what I have seen so far there is an argument that the amount of trouble caused by phones that sideload is fairly minimal.  It’s based on world wide numbers though which may not be useful in this specific case. There may also be other problems specific to either iOS or things that run on iOS.  iOS does some things that are quite different than android. I don’t know what those repercussions might be if any.  There does seem to be a repetitive assumption about apple motivation here.  I don’t know if it’s necessarily an incorrect assumption, but there is a lack of evidence that in Apple’s specific case they actually make a bunch of money from the behavior.  Even if they do though, there may also be other issues at play.  If there are any hardware or software specific things that make something running iOS MORE vulnerable to sideload malware, minimizing them would be a good idea if possible even if they don’t ever side-load. 

In an analogy the more windows you put on your building the more chances someone throwing a rock has to break something.  We don't need to rehash that minimizing your attack surface area is smart.  It's how it always has been when you minimize user privilege, close ports, sandbox, shut down unneeded services, blah blah blah.

 

And why do we even want to sideload anyways?  "oh there might be some app that I can't even think of doing something I can't foresee that I want to install but wouldn't be allowed under app store guidelines".  What?!

[Bombastinator]

4 minutes ago, AnonymousGuy said:

In an analogy the more windows you put on your building the more chances someone throwing a rock has to break something.  We don't need to rehash that minimizing your attack surface area is smart.  It's how it always has been when you minimize user privilege, close ports, sandbox, shut down unneeded services, blah blah blah.

 

And why do we even want to sideload anyways?  "oh there might be some app that I can't even think of doing something I can't foresee that I want to install but wouldn't be allowed under app store guidelines".  What?!

There appears to be a specific one within the community originally having to do with floatplane software.  That may have been worked out though.  That the concept of footprint minimization is logical follows. There are a lot of things in the world that appear wildly non-intuitive until tested though. Then in hind-sight they usually appear completely logical.  Both Newtonian  and non-Newtonian  physics for example. 

[Bombastinator]

There’s a question:  did android ever not side-load?  If so when? Side-loading as a setting and as a hack need to be differentiated,  Did iOS ever sideload even as a hack?  My memory is that at one point iPhones were rootable, which implies yes.  It kept on happening occasionally despite attempts to prevent it.  If so when and what sort of problems occurred?  Hacking a phone to side-load is even more rare and difficult than removing a default setting.   It occurs to me that android has had more time to prevent problems from side-loading. Possibly since it’s inception. 

Edited November 10, 2021 by Bombastinator

[mr moose]

3 hours ago, AnonymousGuy said:

Look we got an iOS security expert here with the confidence to say sideloading can't possibly introduce any security problems.  Are you going to say that no one ever installs viruses on their PCs next? 

 

The day you allow sideloading on iOS is the day grandma fucks her iPhone up because she's just going to blindly follow some screenshot see sees on facebook that says "tap these obscure links, uncheck all these "silly" security settings, and you have candybirds 69 installed in a jiffy".

 

Praise Apple for not listening to the handful of techies who don't even own iPhones offering shit suggestions for how to implement iOS.

Absolutism and ignorant insults aside,  you don't need to be a genius to see the exploit statistics on side loading.