- Updated Facebook privacy and security guide
- How new Facebook APIs affect old security issues
- Social hacking guide to understanding Facebook privacy
- Why exploiting buffer overflows took so long to mature
- Severe flaw in Opera
- Opera fixes extremely severe flaw
- Foxit PDF reader blocks attacks where Adobe’s reader fails
- Facebook flaw exposes chat, user data
- WiFi cracking kits sold in China
- Hacker develops ATM rootkit
- Security firm reveals “silent” patches from Microsoft
- Facebook leaks IP addresses
I am no big fan of Flash but this letter from Apple’s chief rationalizing the exclusion of Adobe’s technology from its mobile OS just irritates me. Sarah Perez has a succinct summary of the letter’s points if you don’t want to wade through Jobs’ sense of smugness. She has some good analysis around the timing as well as a reprint of the letter in case Apple pulls it. I think her reasoning around the odd place in the market filled by the iPad makes as much sense as any attempt to divine the intentions of Apple’s increasingly capricious tyrant.
The letter irritates me because it co-opts some of the rhetoric leveled against Apple recently by its critics, myself included. One of the points is how Adobe’s Flash is closed and entirely controlled by Adobe. How these words could have been penned without someone’s head exploding is beyond me. Another part of the defense is to point out how great a job Apple is doing fostering an open standard, HTML5. I have no technical quibbles with that claim, other than skipping over KHTML’s role in the evolution of WebKit. It is a total dodge, though, when the iPhone is considered as an entire platform. It in no way excuses their own utter dictatorship over native applications.
As far as experience of the web goes, yes, Apple’s support of HTML5 is nice but it is disingenuous. Some of Jobs’ criticism of Flash as poorly suited to a touch capable, mobile device can also be applied to Mobile Safari and HTML5. Suggesting that the experience and capabilities between a native application and a web based one are equivalent is just wrong.
Yes, Mobile Safari leads the pack but it still lags behind where it could be. Touch support for anything other than pinch to zoom is a joke. I am sure the faster processor on the newer iPhones and the iPad hides the disparity but there is a gap in performance between HTML5 based web applications and native applications. The crappy multiple tab support is in no way comparable to a full application that gets its own process and OS resources. When iPhone OS 4.0 comes with whizzy multitasking (ripped off of Android’s design for 3rd party multitasking), the gap will become all the more apparent.
Apple would fix this if it was serious about web applications. The full version of WebKit is exploring better compartmentalization and multiprocess support for web applications. Some version of that in Mobile Safari would go a long way. Or allowing web pages stored as icons on the home screen to launch separate browser instances would be an even easier hack to make the web better situated in comparison to native applications. Maybe now that Opera Mini is available for the iPhone, it will urge Apple forward but I doubt it. Opera’s desktop browser strikes me as pushing the envelope but I was less than impressed with Mini when I gave it a go on my iPod Touch. I think it would take a more competitive mobile browser, like Fennec. Mozilla saved Jobs the task of rejecting Mozilla’s offering by refusing on principle to port it to the iPhone, not that I blame them in the slightest.
I would like to see Flash die the incendiary death it deserves as much as the next morlock. The enemy of my enemy here, though, is not my friend. I resent Apple’s smug semi-truthful defense of its own hatred of Flash. As much as I hate the closed and controlled nature of Apple’s mobile offering, I’d respect them more if they skipped this unnecessary letter or cut it down to the quick and just admitted they loathe Flash as much as anyone else who works with technology and has to bear close and repeated witness to Adobe’s crown jewel spit up all over itself.
I don’t know how to interpret this story at The Register other than a move by Adobe to stretch its tentacles deeper into the web. The article mentions this capability being used to perhaps drive VoIP and online gaming. I have to admit the prospect is attractive despite my overpowering aversion to Flash. I suppose another way to read this is Adobe taking advantage of its ability to add anything and everything to its platform in an attempt to stave off HTML5 which now impinges very strongly on the spaces where Flash has traditionally been used, serving audio and video.
This raises all kinds of concerns in terms of even worse exposures as a result of Adobe’s haphazard record on security. The mind boggles.
Finally, I have to wonder about the natural application of P2P: file sharing. In-browser file sharing may be the dream of some content grazers and undoubtedly the nightmare of big content. It would require a third party to implement such an application but I can see rights holders confusing the issue. Adobe could easily get splattered with secondary liability if a file sharing application gets built with their tools. It might be interesting to see a big tech company trying to defend a technology that we all know has substantial legitimate uses if this comes to pass.
- Copyright violation ransomware in the wild
- Another VM based secure OS receives NSF funding
- Dubious benefit of some conventional security wisdom
- Privacy preserving algorithm for databases of personal info
- Apache.org passwords compromised
- How to exploit NULL pointers
- Adobe, MS push security updates
- Attacks exploit unpatched Adobe applications
- Unpatched Java exploit in the wild
- Java patch for latest exploit
- Apple fixes pwn2own flaw in Safari
- Executable PDF exploited by Zeus malware
- New OSX malware variant spotted
- Foiling a chain lock with a rubber band
- Security updates for Foxit, Quicktime/iTunes
- Real dangers of PDF executable trickery
- Removing the RSA 1204 v3 certificate from Firefox
- Silent updater for PDF, critical patch coming from Adobe next week
- Serious Java flaw enables web based attack
- Widespread attack on WordPress blogs
- Remote malware injection via network controller
- Security holes found in smart meters
- Apple fixes dozens of security holes
- Emergency MSIE patch
- Hacker finds a way to exploit PDF even without a vulnerability
- Adobe, Foxit looking at PDF executable hack
- Trivial iPhone flaw leads to privacy leak
- The chilling effects of malware
- Researchers pick apart search engine poisoning
- Privacy glitch exposes Facebook users’ emails briefly
- Mozilla close to fixing info leak with CSS history
- Java patch closes 27 holes
- Facebook phishing campaign also serving malware
- Mozilla first to patch pwn2own flaw
- Chuck Norris botnet
- US inadvertently enables Chinese attack on Google, others
- Google to re-confirm opt-in details for Google buzz
- iPhone OS rootkit demonstrated
- Comcast launches first public DNSSEC trial
- Adobe fixes critical flaw in download manager
- Latest Twitter phishing scam
- GoDaddy wants your root password
- Microsoft uses legal means to stop botnet
- FB glitch sends private messages to wrong people
- Google working to address privacy concerns around Buzz
- Protecting your privacy in Buzz
- Google Buzz exposes geolocation data
- More on Mozilla’s debate over trusting the Chinese CA
- Unannounced update from Adobe fixes security holes
- Adobe supports private browsing, deleting Flash cookies
- Using typing cadence to spot unauthorized users
- Zero day bug in FF 3.6
- Adobe download manager installs software without permission
- Microsoft advises IE upgrade even though new versions have the same flaw
- MS downplays risk of IE flaw, sows more FUD
- France, Germany recommending moving away from MSIE altogether
- D-Link warns of vulnerable routers
- D-Link privilege escalation patched
- MS to ship emergency IE patch
- Apple fixes a dozen security flaws
- Cross domain requests and access control in Mozilla
- New clickjack attack on Facebook
- Flaws in embedded crypto
Via listener Jonathan
- Facebook apps become more attractive targets
- Hack reveals large quantity of weak passwords
- Mozilla update includes security fixes, improvements
- Tor gets a security update
- Twitter users exposed due to Flash flaw
- Adobe ships critical Shockwave fix
This is news cast 202, an episode of The Command Line Podcast.
In the intro a shout out to SLUG and a huge thank you to Holger for his ongoing donation.
Also, if you are a listener, reader or acquaintance of Tee Morris’ and want to know how you can help in his time of need, you can donate to a fund for his daughter, participate in an auction scheduled for next month, or buy one of his many excellent books.
In this week’s news Jaron Lanier’s Web 2.0 rant, whether cheap tech undermines legal protections including broader ramifications for online privacy, testing the first build of Mozilla’s multi-process project which I first mentioned over six months ago, and the government is skeptical of an earlier suggestion that more wireless spectrum will increase broadband competition.
Following up this week: Tenenbaum P2P case defense seeking to overturn damages as unconstitutional and FCC seeks extension for broadband plan.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.