Re: must read Apple's new iPhone/iPad OS 4 developer's agreement

[David Farber <dave () farber net>]

Begin forwarded message:

From: George Ou <George.Ou () digitalsociety org>
Date: April 10, 2010 12:53:42 AM EDT
To: "dave () farber net" <dave () farber net>, "shap () eros-os org" <shap () eros-os org>
Subject: RE: [IP] must read Apple's new iPhone/iPad OS 4 developer's agreement

I’m not a fan of Apple and it’s obvious they’re extremely closed, but I must point out that C and C++ run a lot faster 
than the other higher level languages.  uTorrent for example was written in very tight C code and it took over the 
BitTorrent market in a matter of months because people value tight/fast code.
 
 
 
George
 
From: Dave Farber [mailto:dfarber () me com] 
Sent: Friday, April 09, 2010 5:19 PM
To: ip
Subject: [IP] must read Apple's new iPhone/iPad OS 4 developer's agreement
 




Begin forwarded message:

From: "Jonathan S. Shapiro" <shap () eros-os org>
Date: April 9, 2010 6:47:33 PM EDT
To: dave () farber net
Subject: Re: [IP] Apple's new iPhone/iPad OS 4 developer's agreement

[For IP]

The bit about "no downloadable code" has been in place for a long
time. Apple is taking a very clear position that the iPhone/iPad are
neither open nor general devices. What these terms mainly show is that
Apple lacks the core OS technology needed to construct a defensible
platform. In the absence of that technology, a case can be made that
the process of audit that Apple has put into place is desirable.

The bit that actually concerns me here is the requirement about
"original source language" being C, C++, or Objective C. All three of
these development languages are unsafe, and Apple is actually going so
far as to *prohibit* (by exclusion) the use of more modern, safe,
programming language technology. Why should languages like Ada, Java,
C#, Scheme, O'Caml, or Haskell, any of which are dramatically more
reliable than the languages listed, be prohibited? Apple doesn't
market compilers for those other languages, so one speculation is that
this is about extracting revenue from developers.

In an era when computer vulnerabilities are such a serious threat,
proscribing the use of safe languages is not merely passive
negligence. By imposing these terms, Apple *prevents* third-party
software developers from acting according to the current state of the
practice in secure software construction.

It does, at least, suggest a great defense for the iPhone/iPad
software developer: "I wanted to implement a more secure application,
but I couldn't, because Apple's development and distribution terms
prohibited that. Don't sue me, sue Apple." Worse, the Apple policy
justifies the software developer in failing to invest in modern, safer
language technology: when a major platform doesn't accept safer
languages, development cost considerations tend to prevent the
adoption of those languages elsewhere as well.

Anybody who thinks that Apple platforms are secure simply doesn't
understand what's going on technically. Based on their behavior,
neither does Apple.


Jonathan



On Fri, Apr 9, 2010 at 1:24 PM, Dave Farber <dfarber () me com> wrote:

 
From: "Glenn S. Tenney" <tenney () think org>
To: "David Farber" <dave () farber net>
Date: April 09, 2010 03:49:06 PM EDT
Subject: Apple's new iPhone/iPad OS 4 developer's agreement
 
( for IP if you wish )
 
I've been reading comments from many iPhone / iPad developers who are
upset with Apple's new terms for the iPhone OS 4 SDK.
 
One of those comments notes that someone posted Apple's new iPhone /
iPad developer's agreement and made it public at
http://friendpaste.com/AXqmXukhQtU4Sjzvt8tZT
 
It seems that the following is the crux of most of the discussions
I've read (the quote is taken from the above URL's page):
 
"3.3.1 Applications may only use Documented APIs in the manner
prescribed by Apple and must not use or call any private
APIs. Applications must be originally written in Objective-C, C, C++,
or JavaScript as executed by the iPhone OS WebKit engine, and only
code written in C, C++, and Objective-C may compile and directly link
against the Documented APIs (e.g., Applications that link to
Documented APIs through an intermediary translation or compatibility
layer or tool are prohibited).
 
3.3.2 An Application may not itself install or launch other executable
code by any means, including without limitation through the use of a
plug-in architecture, calling other frameworks, other APIs or
otherwise. No interpreted code may be downloaded or used in an
Application except for code that is interpreted and run by Apple's
Documented APIs and built-in interpreter(s)."
 
--
Glenn Tenney CISSP CISM
 
 
 
 
 
 
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
 
 
 
Archives 

 




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com