Tag: apple

Living in the Nexus

No Comments

I recently purchased a new Asus / Google Nexus 7 tablet, and I’m writing this entry on it! It’s awesome, and at a great price, I recommend it to anyone considering a tablet – whilst it is smaller than the iPad, and with a slightly less good screen, its specs measure up well otherwise, and the price is ace. £160 or £200 (depending on storage space) and generous current offers from Tesco Direct for £20 off (see HotUKDeals.com). You even get £15 worth of Google Play credit, to spend on music, movies, books and apps.

As I already said, you get a 7 inch, HD screen, covered by Corning Glass (although jury is out on whether it is their ‘gorilla’ brand – some report yes, some report no but with a scratch-resistant coating, some report a so-called ‘gorilla glass v2’). Regardless, the screen is good, clear and durable – I can tell as I already dropped mine! (Actually I think it was a poltergeist – it was sitting on a flat desk yet slid off). As usual, it collects fingerprints like most touchscreens…
The processor, for those interested, is an awesome quad-core ARM Cortex A9 at 1.3GHz, running on an nVidia Tegra 3 platform. This gives it great power both at regular tasks as well as multimedia. It multitasks brilliantly, and thanks to this power as well as Project Butter, transitions are smooth and seamless. It just feels NICE to use, and as an Android user, I admit that has been a problem in the past – but not on the Nexus 7.

One side point, the original release was a bit of a mess, with many more preorders than expected. This high demand led to a bit of a nightmare for Google, with a considerable quantity of preorders arriving late, in some cases after the brick and mortar stores had received them. This is something that Google will need to improve upon if it continues to supply physical devices for sale on its Play Store. Some users who had preordered from the beginning ended up cancelling and walking into stores to get it there. It’s a heavy criticism, mitigated by the much higher preorder numbers than expected.

That aside – I can’t express how happy I am with it. It took all my current Android apps from my phone fine, it took my email accounts, my Facebook, Twitter. Chrome runs beautifully and looks just like my desktop. Battery life is fantastic – definitely the quoted 8 hours of moderate to heavy use it was quoted for. Streaming video and music works great. It feels nice in the hand, perfectly portable, with a nice rubberised feel to its back cover.

So, if you are considering a tablet, whether its for gaming, movies, reading, on-the-go documents, you could do worse than the Nexus 7 – and its worth having a play with while you look at that shiny iPad, and it is a fraction of the price, courtesy of Google selling it at cost.

Give it a look – you might find it to be just what you want!

Apple App Store – Walled garden, or pit of snakes; the security flaws

No Comments

Some might be familiar with the name Charlie Miller. He is a well-known software security expert, most known for his work with Apple products of late. His previous accomplishments include the hack of the Intel MacBook line smart batteries, which were all protected by the same two passwords and could be accessed by software (Good one Apple – create a situation where some internet script kid could disable my battery remotely…). This time around, he turned his eye to Apple’s prized feature – the App Store.

Whatever you think of the walled garden approach they adopt, there is no doubt that the App Store is a commercial success (for Apple – unfortunately for the devs, it’s mostly a gambling exercise where a few make millions, the rest lose their shirt). It works well for the consumer, as Apple personally go through each submitted app, making sure it meets the standard they expect. Apparently, that inspection is supposed to cover security. However, Charlie Miller has put a chink in that assertion, by releasing an app which is capable of receiving remote commands and putting those commands into effect on your device. What’s more important, is that this app, called InstaStock and designed as a simple stock ticker, got right through the fabled verification process without a hitch.

The roots of the flaw are based on how Apple enforce code-signing, and Apple’s desire to speed up the phone browser in competition with other devices. A technique used in all sorts of software and security, code-signing in basic terms relies on Apple wrapping the software with a code, and any software without this code is refused. That is similarly why you can’t just download some app straight onto your iPhone – it isn’t signed and therefore the phone won’t run it without a jailbreak. However, by manipulating the access given to javascript commands in the browser, and Apple’s addition of a special exception (allowing the browser to run unsigned code in an area of the memory) opened a hole. Whilst Apple had protected that exception with other methods, blocking untrusted websites from using it, Miller found a way around that:

“Apple runs all these checks to make sure only the browser can use the exception,” he says. “But in this one weird little corner case, it’s possible. And then you don’t have to worry about code-signing any more at all.”

Miller has already promised that he won’t reveal more detail about the bug until his talk next week in order to give Apple more time to fix the flaw, planning to discuss the flaw in detail at the SysCan conference in Taiwan next week.
Using the flaw, he got the aforementioned app placed into the store, and demonstrated that it could connect to a remote machine to download instruction and execute them at will. Functions such as photos, contacts, sound, vibration and other iOS functions are accessible, according to Forbes.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Whilst many will point out that Android already has this kind of malicious application, Google do not purport to guarantee the safety of their Market – they encourage you to be vigilant, and use a permissions-check system to tell you exactly what services and functions a program requires. Apple, on the other hand, present a model where worries over safety can be ignored as they have checked everything and it all just works.

”Android has been like the Wild West,” says Miller. “And this bug basically reduces the security of iOS to that of Android.”

Worse, when the deception was all pointed out to Apple, instead of a response of “whoa, dude, thanks. We’ll get this patched right up. Cheers for the heads-up”, instead the app was pulled (no big deal obviously) and then Miller was struck from the developer programme – Miller announced the news on Twitter this afternoon, saying “OMG, Apple just kicked me out of the iOS Developer program. That’s so rude!” But as Apple notes in its letter to Miller (posted below), he violated sections 3.2 and 6.1 of Apple’s iOS Developer Program License Agreement (a separate agreement), which respectively cover interfering with Apple’s software and services, and hiding features from the company when submitting them.

“I don’t think they’ve ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will,” Miller said in an e-mail to CNET. “That is the really bad news from their decision.”

The real shame from all this is that Apple and their walled garden gives its users a totally false sense of security. Whilst, for both the App Store and Android Market (and any other app stores), 99% of apps will be genuine and safe, you can never be 100% sure. Users should be taking their own precautions, and should not be lulled into complacency. Apple’s insistence on an ‘it just works’ method results in expectation, expectation that when Apple assert that an app is safe (by publishing it on their store) it must be.
In computer terms, you’d call the Apple model gateway security – you secure the entrance, and therefore anything that gets inside must be safe. Unfortunately, that leaves one big, central point of failure. The gateway. And any knowledgeable computer user knows it isn’t just enough to use the firewall on your router – you need the antivirus and firewall protection on the PCs too.

And the final observation – if some nice, white-hat hacker finds a flaw and tells you about it for free, ‘thanks’ will do much better than a swift kicking. I know you have an image to maintain, Apple, and you can’t allow people to lose confidence in your garden, but at least give him some credit.

Christmas iTunes woes

1 Comment

My brother got an iPod Touch for Christmas, and of course that means iTunes! He had previously not used iTunes, as he didn’t have an ipod and didn’t have a great music collection. So, as the older, techy brother, my job for Christmas morning is to set him up, ready to go…

Just one problem… iTunes was being a total whore. It seemed like it would do nothing but freeze, freeze, freeze. If opened from a desktop / start menu shortcut, it would load up but freeze as soon as you try to play a song, or download from the store. Read More

Exposé for Windows

No Comments

OK so everyone loves Exposé for Mac. It’s extremely useful, and I hate that, because Microsoft STILL doesn’t include a decent replacement even now we have Windows 7!

Fear not – while chatting to Sean the other day, he asked if I had something (actually his dodgy memory made him think he had seen me do it while I was showing him Windows 7). I was like, wait, surely there is something? Read More