Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Comment Re:Are they actually powered down? (Score 5, Informative) 59

If you go to Settings -> Privacy -> Diagnostics & Usage -> Diagnostics & Usage Data on an iPhone that suddenly powered off, the reason why might be in one of those logs. For example, it may be something like a kernel panic or a thermal event (getting too hot and then being forced to shut down). Both events will be logged.

Comment Re:Can anyone explain in actual meaningful terms? (Score 4, Informative) 143

The description of bitcode’s purpose is just a bit wrong.

Bitcode is designed to remove the requirement of needing multiple architecture slices for architectures that are just slightly different. For example, when the iPhone 5 came out it supported an “ARMv7s” ISA. This added a few new instructions to ARMv7 like integer divide to increase performance. However, in order for developers to take advantage of it, their app had to have executable code slices for both ARMv7 and ARMv7s, increasing binary sizes. Furthermore, it required every library ARMv7s code linked to also have an ARMv7s slice.

This quickly became a pain in the ass and ARMv7s was dropped in Xcode 6.

Bitcode would address this issue. A developer would compile their app to Bitcode (a specific type of LLVM IR) and then Apple would later compile it fully into the target ISA.

This is especially relevant for ARMv8 as ARMv8.1 is the latest version with slight changes.

Comment Re: UUID can be generated (Score 1) 79

They have the app name, there's no reason to do that with a UUID

But as I mentioned before, there's no phishing support in XcodeGhost as their use of UIAlertView doesn't allow for any text input fields. Even if a different malware tried to phish with a fake dialog, real Apple ID password dialogs on iOS never have a blank entry for the username, it's always part of the dialog text because iOS knows what your Apple ID is. This makes it significantly easier to not be fooled by just taking a cursory glance of the dialog.

Comment Re: Actually, the opposite (Score 1) 79

Why do you ask? It is a damaged executeable ... or so the dialog says.

Is this some kind of weird, surreal art project of yours? You just asked in response to my post that included a screenshot of the dialog:

Gatekeeper is not preventing third party apps from launching, it only asks: "look, this is a third party app, downloaded from the internet, do you want to launch it anyway?"
Guess what I answer: yes!

There is no OK, Open, or "Yes" button on that Gatekeeper dialog.

Comment Re: Poor mans ken Thompson attack (Score 2) 79

It's not that they were trying to bypass a payment (Xcode is free to download). It's that Apple's severs are just so damn slow if you can't get access to their content distribution network. Sadly, this is pretty much the case of everyone in China due to the Great firewall of China that strangles access to non-China networks.

It also used to be true if you used Google DNS because previous primary Apple's CDN, Akamai, used DNS to route traffic. In that case, many developers would rather use BitTorrent to grab Xcode than to disable Google DNS.

The real issue is the fact that these developers disabled Gatekeeper. Gatekeeper would have prevented infection.

"You can't get very far in this world without your dossier being there first." -- Arthur Miller