Archive for August 16, 2019

Friday, August 16, 2019 [Tweets] [Favorites]

Apple Files Lawsuit Against Corellium for iOS Virtualization

Juli Clover (Hacker News):

Apple today filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS. Corellium describes itself as the “first and only platform” that offers iOS, Android, and Linux virtualization on ARM.

In the lawsuit, filed today in the Southern District of Florida, Apple accuses Corellium of copyright infringement for illegally replicating the operating system and applications that run on the iPhone and the iPad.

[…]

Apple says it does not want to encumber “good-faith security research” but instead is aiming to end Corellium’s “unlawful commercialization of Apple’s valuable copyrighted works.”

Thomas Brewster:

The startup is Corellium, first revealed by Forbes in February 2018, when the husband-and-wife founded company came out of stealth. Its product provides “virtualized” versions of iOS. For security researchers, such software-only versions of the Apple operating system are incredibly valuable. For instance, it’s possible to use Corellium to pause the operating system and analyze what’s happening at the code level. Some in the industry have called it “magic,” as it should help security researchers uncover vulnerabilities with greater ease and speed than having to work with a commercial iPhone.

Various sites have called this “iOS emulation,” but it sounds to me more like running iOS on commodity hardware (i.e. iOS Hackintoshes) and then selling online access to the virtual machines. This seems really useful but almost certainly violates Apple’s copyright and/or software license agreements.

See also: Apple v. Psystar.

Previously:

Update (2019-08-19): Steve Troughton-Smith:

you have to download & install your own IPSW last time I tried, but I don’t know what advanced offerings they have for special customers.

If Corellium is only providing hardware that you install iOS on yourself, I would think they (but not the customer) would legally be in the clear. But that doesn’t seem to be what they’re doing.

Brendan Shanks:

A screenshot from the complaint shows a list of iOS versions, which they apparently download-on-demand. Legally feels shakier than requiring the user provide an IPSW

Lorenzo Franceschi-Bicchierai:

Matt Suiche, a well-known researcher who developed virtualization software in the past, tweeted: “Imagine what today's Cloud Computing landscape would look like if VMware had been sued by IBM or Microsoft back in 1998,” referring to the popular virtualization platform VMware. Daniel Cuthbert, who is on the Black Hat conference review board and a veteran of the infosec community, called it a “poor move” by Apple. Luca Todesco, a well-known iPhone hacker, said this lawsuit is akin to Apple pulling “a Sony,” in reference to the Japanese giant suing security researcher George “Geohot” Hotz, in 2011 for jailbreaking the Playstation 3.

[…]

The employee explained that the way Apple licenses its software, you can’t run a virtual version of MacOS on VMware or other virtualization platforms if it’s not running on a Mac computer. Corellium does something similar, but with iOS.

The Version Museum

Jason Kottke:

The mission of Version Museum is to record and present what the interfaces of software and websites looked like, from their earliest versions until now. The site’s tagline is “a visual history of your favorite technology”.

For example, it has Amazon’s first Web site, Adobe Photoshop, iTunes, Microsoft Word, as well as classic Mac OS, Mac OS X, and iOS.

Previously:

Update (2019-08-19): Doeke Zanstra has a collection of Microsoft Office icons.

App Store Editorial Stories on the Web

Benjamin Mayo:

Apple has recently updated its App Store Preview pages for stories to allow users to view the full content of stories from inside their desktop web browser. App Store stories have always been shareable as links, but the web version was just a title and a navigation link to ‘open this story in the App Store’.

Between August 9th and August 11th, Apple has upgraded the experience and now includes full imagery, app lists and paragraphs copy in the web version. This means you can access the same content online as you would be ale to find in the native App Store experience.

[…]

Whilst you still cannot access the App Store front page from the web, or buy apps through the browser, if you see someone share an App Story story about an app you might be interested in, it’s now a much nicer experience to interact with that article from a Mac.

John Gruber links to the feature for Yoink, and I can view that in Safari, although it simultaneously opens the App Store app on top of Safari. However, the feature for ToothFairy still uses the old style of showing the artwork without the editorial text (and also opens the Mac App Store app). On iOS, it shows the text from the Mac App Store in the iOS App Store app. So you can’t select text, copy it, or search, like you could if it were in a Web browser.

Previously:

Update (2019-09-03): Gus Mueller:

The link above will give a little preview to the story, but to read the whole thing, you’ll need to follow the link to the Mac App Store.

No way to read the story in a browser or to select/copy/print the text. If you want to save a copy of it, I guess you need to screenshot it (and scroll down and screenshot it again).

Should the Web Be archive.org?

Dave Winer:

There’s a consensus that porting the [LinuxJournal site] to archive.org is the answer. Jon Udell, a highly respected developer says on Twitter that redirecting to archive.org, as Doug Kaye does, is the “gold standard” for preserving sites.

I’ve always resisted this, instead preferring that we take steps to make the web itself more permanent.

Archive.org is great, but I agree that it’s unsatisfying that the Web itself can’t be preserved.

AMP Server-Side Rendering

Sebastian Benz (Hacker News):

AMP now officially supports a technique called server-side rendering (SSR) which you can apply to your AMP pages to make them load even faster. Our tests show increases of up to a whopping 50% on the popular FCP metric. The Google AMP Cache has utilized this technique for a while, but now you can also use it on your own domain!

[…]

SSR is a technique for improving first-contentful-paint times (FCP) for frameworks rendering the page client-side such as React or Vue.js. The downside of client-side rendering is that all Javascript necessary to render the page needs to be downloaded first. This delays the time until users can see the actual content of the page. To alleviate this, both React and Vue.js support pre-rendering the DOM on the server on navigation requests. Rendering is then picked up by the client-side Javascript, a process called (re)hydration. Users will be able to see content much faster as a result.

[…]

With this attribute being set, the validator treats SSR’d AMP as valid AMP. SSR’d AMP optimizations break the rules of the AMP spec, hence making the document invalid, which is why it’s necessary to indicate this case with this new flag. With the flag and the optimizations both being in place, the document is considered valid and you’re good to go.

amluto:

Wait, does this mean that websites could serve plain HTML but set this flag and this avoid being penalized by Google? Win!

Ricky Mondello:

If only the industry had thought of servers directly sending markup to render pages from the beginning. 🙄

Update (2019-08-22): Curtis Herbert:

Piece by piece AMP stops being about a “lightweight page” and more a full replacement to the standards that power the web.

They are using thier search engine dominance to force everyone to adopt this stuff, otherwise no one would. No one needed or asked for this stuff.

Chrome pulled out all the stops to woo over the tech space over the course of a decade, only to pull the rug out from under things that are Bad For Google (content blockers) now that they are the dominant browser.

Think AMP isn’t going to go the same way?

See also: How can we destroy AMP?.