I had heard that the iPhone does not have Javascript in its pared-down Safari. Does anyone know if that has changed? If not, Dashcode will not be the basis for developing code on the iPhone.
What I would like to see Apple do is require every aspiring iPhone developer to register for their own private signing key and for each application to be signed by said developer. The iPhone would then verify the signature before allowing the app/widget to run.
That way, if malware were to start appearing, Apple would know exactly where it came from, would be able to chase up the guilty parties and could even issue a "revoked key" list via iTunes (or GPRS-push or during voice phone calls etc), thereby preventing any other iPhones from launching the evil app in the future.
Obviously this would rely on some sort of secure and verified communication between Apple and the aspiring developer before the key could be issued, but I'm sure figuring that out wouldn't be beyond Apple.
The problem with that aproach is that developers can write code that will eventualy cause resources to get exhausted or corrupt the phone and they can still sign the software.
You sign software as proof that you are the software distributor, it does not proof that the software is free of bugs.
Then there is the possiblity that a rogue employee at a company that has a signature key could introduce malware and further there is the possiblity that a company with a signature key could be hacked. Most Apple developers are small and sometimes only a couple of guys, they don't have the resources and time to protect themselves to the level that Apple can.
If instead Apple does the signing, they would perform a code review first and a bunch of tests to detect leakage and memory corruptions. Tests can be performed in emulators that will detect and freeze things at the first sign of trouble.
Apple has the capital and resources to do it right.
If instead Apple does the signing, they would perform a code review first and a bunch of tests to detect leakage and memory corruptions. Tests can be performed in emulators that will detect and freeze things at the first sign of trouble.
That was my first thought as well, but if they're going to do that, Apple will need to rethink their policy for submitted code. As it stands just now, any code you submit to Apple becomes their property to do with and use as they please *. Given Apple's history with the likes of Sherlock2 and Dashboard (to name but two), a lot of people will think twice before sending them any of their code base.
* Developer T&Cs, page 9, last sentence of clause 5. It's entirely possible that I've misinterpreted it, and would love to stand corrected, but I don't think I have.
Comments
I had heard that the iPhone does not have Javascript in its pared-down Safari. Does anyone know if that has changed? If not, Dashcode will not be the basis for developing code on the iPhone.
JavaScript it has, what it does not have is JAVA.
HERE
What I would like to see Apple do is require every aspiring iPhone developer to register for their own private signing key and for each application to be signed by said developer. The iPhone would then verify the signature before allowing the app/widget to run.
That way, if malware were to start appearing, Apple would know exactly where it came from, would be able to chase up the guilty parties and could even issue a "revoked key" list via iTunes (or GPRS-push or during voice phone calls etc), thereby preventing any other iPhones from launching the evil app in the future.
Obviously this would rely on some sort of secure and verified communication between Apple and the aspiring developer before the key could be issued, but I'm sure figuring that out wouldn't be beyond Apple.
The problem with that aproach is that developers can write code that will eventualy cause resources to get exhausted or corrupt the phone and they can still sign the software.
You sign software as proof that you are the software distributor, it does not proof that the software is free of bugs.
Then there is the possiblity that a rogue employee at a company that has a signature key could introduce malware and further there is the possiblity that a company with a signature key could be hacked. Most Apple developers are small and sometimes only a couple of guys, they don't have the resources and time to protect themselves to the level that Apple can.
If instead Apple does the signing, they would perform a code review first and a bunch of tests to detect leakage and memory corruptions. Tests can be performed in emulators that will detect and freeze things at the first sign of trouble.
Apple has the capital and resources to do it right.
does it have flash and shock wave?
Not yet unless something has changed.
i too see Apple opening up their code on the iPhone, but who is to say that they will not open their channel of distribution.
HERE
Go away.
If instead Apple does the signing, they would perform a code review first and a bunch of tests to detect leakage and memory corruptions. Tests can be performed in emulators that will detect and freeze things at the first sign of trouble.
That was my first thought as well, but if they're going to do that, Apple will need to rethink their policy for submitted code. As it stands just now, any code you submit to Apple becomes their property to do with and use as they please *. Given Apple's history with the likes of Sherlock2 and Dashboard (to name but two), a lot of people will think twice before sending them any of their code base.
* Developer T&Cs, page 9, last sentence of clause 5. It's entirely possible that I've misinterpreted it, and would love to stand corrected, but I don't think I have.