Monday, July 23, 2007

Hacked to pieces

Even the hackers fell for the hype and got themselves iPhones, and are now busy getting different kinds of code to run on it. Like hello world. Like remote exploits that let you run custom code as root. It seems Apple didn't pay much attention to security at all. I'm sure they saw this coming, but with their limited experience in the field, they didn't get the maths right: 1 (people like to hack their devices, like Apple TV and the iPods) + 1 (the iPhone has lots of wonderful networking features) + 1 (an iPhone will probably contain some sensitive information) = 3 (legitimate users might actually suffer).

It'd be interesting to see how well a Symbian device would stand the test, but I guess they aren't interesting enough to attract competent people like those responsible for the above mentioned hacks, but some things are obviously done much better in Symbian than in MacOS. Like the web browser doesn't run with full privileges. Like the web browser probably can't even access your text messages. Basically, Symbian OS 9 is built with security in mind, like a smartphone should be these days. The iPhone is a smartphone (as in a very smart phone, never mind how people might define it), but it seems to be designed on the assumption that if you're not officially allowed to run 3rd party native code, you won't. Now there's a mistake.

(I don't know enough about the security features of eg. Windows Mobile to talk about that.)

Saturday, July 21, 2007

A platform security design miss

Designing software is difficult, which is why the waterfall model is such a joke. You don't get the design right the first time. If you ever get it right, it's after it's been used for real, and you've corrected the worst mistakes. (There are exceptions, where the original design happens to be so good that it lasts. Despite what some people think about the standard C library (and the language itself) nowadays, it was created around 1970, and it still makes sense. You don't see that kind of stuff often. The details that have changed aren't really important.)

I've been quite impressed with the design of Symbian platform security. It works. It's pretty sane. It's conceptually quite simple. Of course, it's horribly complicated to learn how to live with it in practice, but on a technical level, it's good. (The infrastructure around it isn't very good, but we'll ignore that for now.) However, there are some mistakes in it. One is the one making hacks such as this one necessary. When you install an app on the external memory card, a checksum of the executables are stored on the internal one, as that one is more safe (it can't be removed and edited outside the phone, at least not easily). This leads to an interesting problem, which was probably very hard to foresee: if you format the internal memory card, you can't run the apps installed on the memory card anymore, as the checksums are gone.

You might argue that you shouldn't have to format the memory card on a working system. Sure, but it's not a good idea to design around the assumption that every system will be perfect. Smartphones are far from perfect. The software on them is very complex, and there will be bugs. I have to format the internal memory card on my phone now and then, because there's some sort of leak which means that it'll be filled up, and there's not much I can do about that, as I can't clean stuff up manually, as platform security prevents me from tampering with most of the contents. However, the same problem would occur if a badly behaved app was installed on the phone and started filling up the memory card, so it could happen on a perfectly working system as well.

Thursday, July 19, 2007

Quality software

People like to say things like "and as Symbian is an open system, there's lots of third party apps available". Sure, there are a number of 3rd party apps out there, but how good are they? I haven't really sampled all that many recently, and what I've seen has been disappointing. It's nice to see that AllAboutSymbian are commenting on this as well. It's not like the stuff pointed out in that article are hard to fix, but face it, there's not much available, and what's out there is often quite bad.

This isn't the usual rant topic ("programming for Symbian sucks"). It's about sloppy developers. I hope people take this seriously, because if most of the 3rd party software sucks, there's not much point in having an open platform, right? And if the only advantage of having an open platform is taken away, we might as well have closed platforms. And that like... sucks.

Thursday, July 5, 2007

Prada disappointment

I got to play around with the LG Prada phone a bit today, and it was a very disappointing experience. I had expected it to be slick and designish, but while the design of the actual phone was quite nice, albeit very conservative, the user interface was horrible. It's implemented using FlashLite, a piece of technology that I haven't really bothered to have a closer look at before, and after seeing the Prada phone in action I just want to forget about it.

Some time ago I read a blog posting about FlashLite, by someone working at Adobe. He wrote something like "on a regular phone you'll achieve a framerate of 6-7fps", which I wrote off as a joke. But he wasn't joking. It really is that slow! Actually, the "animations" I saw on the Prada phone looked more like slideshows.

I work at TAT (yes, I agree, the homepage is quite ugly), where we develop stuff like Kastor, a graphics engine, and Cascades, a UI toolkit. Currently, we're working with four out of the five biggest OEM:s (although only Samsung and Sony/Ericsson are offical so far, you'll hear about the others as soon as I'm allowed to speak of them, ie. when they have products with our code in them on the market). Our solutions are so vastly superior to FlashLite that it's a shame to even call Adobe a competitor. I've been hearing that we're really good at what we're doing ever since I stated working at TAT, and I've sure noticed that my co-workers are competent, but I had no idea that we were so much greater than the so called competition.

If you can't get a framerate of at least 15fps, you're not even in the game. All that Adobe can hope for is that Moore's law will keep up its promise, that all phones will soon have hardware accelerated graphics or whatever. Until then, FlashLite is a joke. And it's still a joke if you need workstation type hardware to run their software. Sorry. If stuff like this is acceptable in the mobile phone business, I can finally understand why people are ranting and raving about the iPhone. I just hope I'll get to play with one of those one of these days. I'm sure I won't be as disappointed as I was by the Prada UI.