Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Huge iPhone Cut-and-Paste Tool Security Flaw

timothy posted more than 5 years ago | from the a-sircam-you-can-pay-for dept.

Security 85

Harry writes "I'm using Pastebud, the new third-party copy-and-paste solution for the iPhone. It's extremely clever, using a Web-based clipboard to get around the fact that Apple doesn't provide one on the phone. Unfortunately, it seems to be giving users access to e-mails that other Pastebud users send to their clipboards. This has happened to me repeatedly and is being reported by other users in Pastebud's Get Satisfaction support forum. Pastebud is operational and still doing this as I write, even though a message at Get Satisfaction says they're working on the problem."

cancel ×

85 comments

You reap what you sow... (4, Insightful)

An Ominous Cow Erred (28892) | more than 5 years ago | (#26108359)

...well you *ARE* trusting a small, third party entity with your data on the internet. Can you really expect things that are not on storage you monitor yourself to be secure? Furthermore, why can't it just store your clipboard through local storage? Does it really have to put it up online? Do Apple's apps have no way to store and retrieve local data?

Apple really should have this feature built in, but you shouldn't be surprised when your workaround that involves dumping your unencrypted data on a server somewhere has security issues.

Re:You reap what you sow... (2, Informative)

Naurgrim (516378) | more than 5 years ago | (#26108371)

Ya, if I read this correctly, a quick scan of TFA (I know, not supposed to do that here) seems to indicate this is a *Pastebud problem, not an iPhone problem. Of course, if the iPhone does not have cut'n'paste, that's entirely another problem.

Re:You reap what you sow... (0)

Anonymous Coward | more than 5 years ago | (#26116427)

> iPhone does not have cut'n'paste

jesus christ, what did they pay $500 for?

"Easy to use?"

"Just Works?"

This is 2008 Apple!

Re:You reap what you sow... (3, Informative)

larry bagina (561269) | more than 5 years ago | (#26108383)

Apps are chrooted into their own directory structure, so they can't share data. But, yeah, this is people surprised to get what they should have expected.

Re:You reap what you sow... (2, Informative)

Anonymous Coward | more than 5 years ago | (#26108877)

Furthermore, why can't it just store your clipboard through local storage? Does it really have to put it up online?

You're looking for OpenClip [openclip.org] . It's basically an open spec (well, as open as it can get under Apple's terms) for clipboards on the iPhone, and is supported by several applications. MagicPad is the notepad replacement that is written by the same folks.

Do Apple's apps have no way to store and retrieve local data?

iPhone applications have read-only access to the data of other applications. This prevents the creation of a single app that acts as a clipboard, since you can't (yet) have background apps.

What OpenClip does is specify a standard location in each app for clipboard data. When an app copies, it simply sets this variable to the clipped data. When an app wants to paste, it looks for clipped data in all the installed apps and uses the latest. it wastes a bit of memory if you have copied data from multiple apps, but it's pretty good given the technology. And there's no Internet involved.

Re:You reap what you sow... (0, Troll)

E IS mC(Square) (721736) | more than 5 years ago | (#26110725)

All these efforts, for what? Copy-paste? It gives me immense satisfaction to know that people are getting dumber day by day for buying a smartphone which is not really that smart. Enough of iphone / apple bullshit.

Of course, you can't fault Apple in this case, but it should never have come to this. I salute all iphone users for falling for the hype.

Okay, here come macboys with their modpoints ... 3... 2.... 1....

Re:You reap what you sow... (3, Informative)

makomk (752139) | more than 5 years ago | (#26110783)

According to the OpenClip website, Apple killed it off by tightening up the sandbox so that applications can't read each other's data. This doesn't surprise me.

Re:You reap what you sow... (1, Informative)

Anonymous Coward | more than 5 years ago | (#26111521)

If an app can read other apps' data, that's not much of a 'sandbox' now, is it?

Re:You reap what you sow... (0)

Anonymous Coward | more than 5 years ago | (#26119269)

It's not just about reading any other apps' data, it's about sharing one directory between jails just for the purpose of cut and paste. Is a sandbox not a sandbox because one directory happens to be in another sandbox as well?

Response from their customer service (1, Funny)

Anonymous Coward | more than 5 years ago | (#26108387)

susan cant wat 2 get u hom + push ur butons

o yah

want me 2 pik up anythink @ groccery?

--

Sent from my iPhone

FROM TFA: (5, Informative)

mdaitc (619734) | more than 5 years ago | (#26108401)

(NOTE: Jed Schmidt of Pastebud fixed the problem I discuss in this post yesterday night after I notified him about it. It affected only users-such as me-who misconfigured the service. Scroll down for details...)

Harry,

I've updated this issue over at Get Satisfaction[1], but let me just summarize what exactly was going wrong: you were inadvertently forwarding your emails not to your secret pastebud address, but to the address set as the from address for these emails, which was noreply@pastebud.com.

This happened to other folks too; instead of sending email to secret-random-string@pastebud.com, they were sending to noreply@pastebud.com. And everyone who was doing this ended up sharing the same clipboard.

Anyway, I just wanted to let you know that we've fixed it, and the changed will be live by the morning. You can find more details about the issue here[1].

Thanks again for bringing this to our attention, and let me know if there's anything else you need clarification on.

Jed Schmidt
Founder, pastebud

Re:FROM TFA: (4, Informative)

gcnaddict (841664) | more than 5 years ago | (#26108515)

So what you're trying to tell us is that this story...

...needs a usererror tag, right?

Re:FROM TFA: (0)

Anonymous Coward | more than 5 years ago | (#26108949)

Not at all.

It's the service's responsibility for making it this easy for the user to shoot themselves in the foot.

They should have either required a password or coded the service to set a random string, instead of requiring the user to create their own.

It sounds like there is no authentication - if that's the case, then how long is it going to be before we get a collision in "secret string" and this crops up again?

Re:FROM TFA: (1)

Chaos Incarnate (772793) | more than 5 years ago | (#26109171)

The service does generate a random string for you...

Re:FROM TFA: (0)

Anonymous Coward | more than 5 years ago | (#26112089)

The service does generate a random string for you

Then why does "noreply" come from? Evidently it creates one, but doesn't actually use it.

When will companies learn to disable 'noreply'? (4, Interesting)

JSBiff (87824) | more than 5 years ago | (#26108747)

Seems like every few months you hear yet another story about something bad happening because people are replying to or otherwise using a 'noreply' email address. Here's a clue - if you ever send emails to anyone from a 'noreply' address (or some other similar account name), you better make damn sure your servers are configured to not do something bad or stupid when unobservant users actually do reply to it.

I will give them credit for this: *at least* it was noreply at their own domain. Too often, when you hear about this sort of thing, it's because a company did something like sending an email with a return address of 'noreply@donotreply.com' or something like that (where the domain is not their domain, and is a string which could potentially be registered by someone). I remember reading (ok, just found the story [washingtonpost.com] again) about a guy who had registered the domain 'donotreply.com' for yucks, and started getting all sorts of stuff like replies from Capital One bank customers, when Capital One sent some emails with the donotreply.com as the domain. (Sadly, the website www.donotreply.com where the guy used to blog about all the emails seems to be down now; wonder what happened to it - probably sunk by a lawsuit, or maybe the guy finally got bored of spending his free time reading thousands of emails).

Re:When will companies learn to disable 'noreply'? (1)

badfish99 (826052) | more than 5 years ago | (#26109611)

Well, whois shows that donotreply.com is now registered to "Portal of Evil Inc". We can only guess what they are doing with all the Capital One passwords that they harvest.

Re:When will companies learn to disable 'noreply'? (2, Funny)

redJag (662818) | more than 5 years ago | (#26110871)

Obviously this is some sort of Google service that is in beta..

Re:When will companies learn to disable 'noreply'? (1)

hemorex (1013427) | more than 5 years ago | (#26110939)

Donotreply.com was one of the domains available for Portal of Evil's evilemail service... and "some guy" in this case is Chet Faliszek, who's actually with Valve these days. Ever hear of a little game called Portal?

Re:When will companies learn to disable 'noreply'? (1)

neomunk (913773) | more than 5 years ago | (#26111095)

WAR KITTENS!

Re:When will companies learn to disable 'noreply'? (0)

Anonymous Coward | more than 5 years ago | (#26114497)

The reason why people do this is because a lot of MX agents will not accept E-Mail from hosts with static IP addresses but no domain name. So instead of getting a real domain name, they instead generate a fake one, and "donotreply.com" is probably the most famous of them all.

Jed Schmidt's comment (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26108403)

Iâ(TM)ve updated this issue over at Get Satisfaction[1], but let me just summarize what exactly was going wrong: you were inadvertently forwarding your emails not to your secret pastebud address, but to the address set as the from address for these emails, which was noreply@pastebud.com.

This happened to other folks too; instead of sending email to secret-random-string@pastebud.com, they were sending to noreply@pastebud.com. And everyone who was doing this ended up sharing the same clipboard.

Anyway, I just wanted to let you know that weâ(TM)ve fixed it, and the changed will be live by the morning. You can find more details about the issue here[1].

Thanks again for bringing this to our attention, and let me know if thereâ(TM)s anything else you need clarification on.

Jed Schmidt
Founder, pastebud

[1] http://gsfn.us/t/of0

Go figure (0, Troll)

Anonymous Coward | more than 5 years ago | (#26108407)

Apple sucks

Already fixed, nothing to see. (1)

Anonymous Coward | more than 5 years ago | (#26108427)

Users misconfigured the app, and were sharing one big clipboard. Fixed on server side to stop bad users.

Re:Already fixed, nothing to see. (-1, Troll)

ILuvRamen (1026668) | more than 5 years ago | (#26109233)

reeeeeeally? Okay how hard is it to not code your program to send the data off the phone in a format receivable by other users of the software and then have a part of the software that does receive the code then render it for them? You'd absolutely have to do that on purpose since it could very well just be a simple offline app. Why did they even add in network transmission capabilities at all? I still say it's absolutely and completely their fault.

Re:Already fixed, nothing to see. (1, Funny)

Anonymous Coward | more than 5 years ago | (#26109349)

Your lack of understanding of how this thing works (and why) is nearly conclusive proof that too much ramen addles the brain.

Re:Already fixed, nothing to see. (0)

Anonymous Coward | more than 5 years ago | (#26110021)

No really, from what I can tell, the 'how' is "majorly sucking in an inexcusably insecure way", and the 'why' is "because the iPhone sucks".

Who uses iPones anyway? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26108459)

I heard that only Italians used iPones. Everyone else I know uses polite forms of address but these Italians had to come and ruin it for everyone because they were too busy drinking coffees to learn how to clipboards. Fuching Italian bastordes.

Why does it go to a server, anyway? (3, Interesting)

The Amazing Fish Boy (863897) | more than 5 years ago | (#26108463)

When I first heard of this trick, I thought it was pretty damn clever. But the way I'd imagined it from the headline was that it would use the mailto: pseudo-protocol to paste to Mail, and would use HTML5 client-side database [webkit.org] or a cookie of some sort to store it in the browser. My idea was basically three bookmarklets:
  1. Copy: Stores selected text in client-side database or cookie
  2. Paste: Pastes into text field in browser
  3. Paste to Mail: Opens a URL to mailto:replace@this.com?body=$clipboardContents

Obviously this wouldn't work for copying from Mail to Safari, but I was kind of confused as to when that would come in handy anyway. The trade-off for security would be worth it, and if you really wanted to, you could still do a trip to a server for Mail-to-Safari copying.

I haven't delved into the bookmarklets yet, so maybe it's not possible for some reason, but does anyone know why they would choose to have it make a trip to the server when it seems like it could be pretty easily avoided?

Re:Why does it go to a server, anyway? (4, Insightful)

Achromatic1978 (916097) | more than 5 years ago | (#26108859)

My God. How fucking horrible are -any- of these solutions?!? This one, a local one, whatever. They're all fucking horrible! All because The Steve says cut-n-paste is not for a touch screen phone. Ye gods. But apparently this is acceptable to the RDF'ed masses. I've read countless blog posts justifying the 'no cut and paste' as being a good idea, anything to require no admission of the fact that it's an ugly stupid and inexcusable UI flaw.

Re:Why does it go to a server, anyway? (2, Interesting)

furball (2853) | more than 5 years ago | (#26109929)

I have a hunch that Steve is looking for something a lot better than text copy-paste. Copy-paste done correctly is more complicated than you think it is.

If I copy text, does it copy attributes? Does bold text retains its boldness? Etc.

What happens when I want to copy an email address from the address book? Am I limited to copying read-only text or read-write text? Why can't I copy a whole address book entry? What happens when I paste the address book entry?

Re:Why does it go to a server, anyway? (0)

Anonymous Coward | more than 5 years ago | (#26110125)

Aren't there answers for all of these already on OSX?

I know on Windows it's a lot of OLE magic that happens in between the two applications.
Basically, you end up with HTML, Text or a COM object.
For the latter, the receiving application needs to parse it. The receiver can also just ask for the text then it's up to the sending application to convert it.
(please feel free to correct me on this, it's been awhile since my clipboard hacking days)

Re:Why does it go to a server, anyway? (2, Informative)

nneonneo (911150) | more than 5 years ago | (#26111425)

Yes, on OS X, you would use the NSPasteBoard [apple.com] class to interact with the system-wide clipboard. The only thing stopping Apple from implementing NSPasteBoard in the iPhone SDK appears to be the question of how to implement it best in the UI. The system of NSPasteBoard filters handles all the gritty details of converting data between different formats; a given pasteboard can hold data in a specific format (or even multiple formats at once), and the client can invoke a filter to read the data from the PB using any applicable filters. Honestly, everything is in place API-wise, it seems that Apple simply wants to work out the UI (there is, in fact, more than one way to do it, but it seems they are dragging their heels with this important feature!)

Re:Why does it go to a server, anyway? (1)

E IS mC(Square) (721736) | more than 5 years ago | (#26111719)

>> appears to be the question of how to implement it best in the UI

umm... by just giving copy/paste options in the menu somewhere, just like every other freaking smartphone in world?

Re:Why does it go to a server, anyway? (1)

furball (2853) | more than 5 years ago | (#26114161)

Have you actually used an iPhone? Have you noticed the distinctive lack of a menu?

Re:Why does it go to a server, anyway? (1)

Your.Master (1088569) | more than 5 years ago | (#26116555)

Windows Mobile touchphones go with the plan of poking the text itself for a short time (longer than a "click" poke) and popping up a context menu. I think a variant of that could work, though I'd prefer instead of a context menu some kind of directional overlay so you could flick your finger to one side or the other afterward for copy or paste.

Generally I think radial menus and similar make a lot more sense with touch screens than they ever did with the mouse, and are due for a resurgence.

Re:Why does it go to a server, anyway? (1)

maxume (22995) | more than 5 years ago | (#26110585)

So why not start with unformatted text and build from there?

Sure, it might be frustrating some of the time, but good luck convincing me that it is more frustrating than no copy/paste at all.

Re:Why does it go to a server, anyway? (2, Insightful)

db32 (862117) | more than 5 years ago | (#26111275)

That one is easy...Because that is what Microsoft does. They push out half completed bullshit products on their base and then say "well it will probably work right by the time SP2 comes along".

Do it right the first time and don't put it out there until it is done right. Otherwise you fuck up your reputation. It is a lot harder to get the word out of "Hey, iPhone cut and paste is new and improved and actually works like it should now!" rather than "New iPhone 3.0! Now with Cut and Paste!". Most users are going to bump into the cut and paste you describe and not even begin to understand why it is so crippled.

Also...having used an iPhone...cut and paste would be nice, but I doubt I would use it much because cut and paste on a touch screen run by your finger would be a royal pain in the fucking ass. Your finger is as big as most words on the screen, you would have a god aweful time trying to accurately cut and paste.

Re:Why does it go to a server, anyway? (1)

LordKronos (470910) | more than 5 years ago | (#26114337)

If you had used an iPhone or iPod touch very much, you would have seen that it has a magnifying glass feature which is used to select your edit point when modifying a block of text. It works quite well, too. It seems to me like the magnifying glass would be a great way to mark your starting and ending selection points.

Re:Why does it go to a server, anyway? (1)

db32 (862117) | more than 5 years ago | (#26116651)

I have and that idea gives me nightmares. I dread screwing up enough that I need to use it. Nothing wrong with it, just a pain to get it in place. I think that cut and paste like that would often be far more trouble than it's worth.

Re:Why does it go to a server, anyway? (1)

Your.Master (1088569) | more than 5 years ago | (#26116585)

Except your argument is mixed. Pushing out an OS without cut & paste is just as much a "half completed bullshit product" as pushing out cut & paste which is text-only.

Which isn't to say that it's the wrong choice, necessarily. A knowledgeable user would have more functionality with text-only, but most of iPhone's customers aren't experts, we know. The argument needs to go deeper into why the boundary is where it is, because from the complaints about the lack of copy paste, we know that the iPhone isn't an absolutely complete perfect-in-every-way product.

Re:Why does it go to a server, anyway? (1)

db32 (862117) | more than 5 years ago | (#26116703)

Well arguably yes. My point is that half assed features will cause worse outcomes than missing features. It is better to add new (complete) functionality than patching it together as you go. Aside from the reputation issues, what if you have to alter how it works to get it done. Now you have to deal with that whole retrain your users crap. (Fuck you Microsoft and your constant total interface redesigns! The first time you set up a wireless connection in Vista you may need antipsychotic meds afterwards. Let's not talk about Office either.)

Apple may have issues, but they tend to have a much better UI design.

Re:Why does it go to a server, anyway? (1)

Dogtanian (588974) | more than 5 years ago | (#26110891)

I have a hunch that Steve is looking for something a lot better than text copy-paste.

So? I'm sure that he- along with lots of other companies- is, but that's no excuse for leaving the facility out altogether until something better comes along!

Re:Why does it go to a server, anyway? (2, Insightful)

Lars T. (470328) | more than 5 years ago | (#26113507)

I have a hunch that Steve is looking for something a lot better than text copy-paste.

So? I'm sure that he- along with lots of other companies- is, but that's no excuse for leaving the facility out altogether until something better comes along!

Well, the excuse is that others have done exactly that, and thus Windows (and a lot of other stuff) is full of interface quirks that are still in because people got so used to them they reject the better fix. Which (at least in the Windows case) results in some apps supporting only the old, some only the new, and some being forced to support both. Heck, apps supporting just one method will often use the other for something completely else. Yeah, a fine solution that is.

Oh, you want an example? Try the keyboard command(s) for closing a window. Or the overlying MDI/SDI mess.

Re:Why does it go to a server, anyway? (1)

Dogtanian (588974) | more than 5 years ago | (#26123349)

Sorry, but I'm not buying that justification. Are you saying that no cut and paste is better than a flawed implementation, even if it's clear that Apple had- and have- nothing better in the pipeline?

The iPhone has been out for 18 months now. In that time, there's been no official cut and paste facility, let alone an improved version! The simple truth is that Apple likely launched the cut-and-pasteless iPhone with nothing better planned for the forseeable future. (If they'd anything that was well-developed enough at that time to be a sure bet- as opposed to some interesting but untested HCI UI research- they could have implemented it by now).

This is just a guess, but I'm guessing Steve Jobs was involved in this decision. The guy is very clever, and probably the reason Apple are much better at design, UI and consumer electronics than MS. However, he's not infallible, and this did make me think of his insistence on the original implementation of the Mac being a 128KB model against the advice of his engineers.

Re:Why does it go to a server, anyway? (1)

RocketRabbit (830691) | more than 5 years ago | (#26141029)

This is already all taken care of in OS X, which the iPhone runs a subset of.

This has more to do with Apple just deciding things for its users, than anything technical.

Re:Why does it go to a server, anyway? (2, Interesting)

Jay L (74152) | more than 5 years ago | (#26111017)

Not sure where you've read the countless defenses of lack-of-cut-and-paste, but Apple doesn't seem to agree. It's on their list; other things were higher on their list. I myself don't care about Exchange-server compatibility, and would MUCH rather have cut-and-paste. I'm sure others have their own personally-improved priority lists.

I think Apple's done pretty well for an OS that's only 18 months out of the gate. Anything that new is bound to have some of what I call "unconscionably absent" features. I'm looking forward to cut-and-paste.

Re:Why does it go to a server, anyway? (1)

cwingrav (8705) | more than 5 years ago | (#26111121)

Get some sleep. It'll be alright... :)

Re:Why does it go to a server, anyway? (2, Insightful)

Sancho (17056) | more than 5 years ago | (#26111523)

I have an iPhone, and I use it regularly. There have been exactly two times when I wished that I had copy/paste. So no, I don't see what the big deal is. I don't think that lack of copy/paste was a good design decision--in fact, I'm sure that the phone would be better with it. But I don't think that it's a killer feature. I certainly don't think that the addition of copy/paste will make iPhone haters suddenly embrace the device--they'll just find something else to complain about.

No phone is perfect. The iPhone does what I want 99% of the time, and is stable. I can't say the same for any other smart phone I've tried (though I haven't had a chance to play with android yet, and probably won't bother until someone with 3G coverage in my area puts out an Android phone.)

Stop with the absurd holy wars over phone choice. Who cares what other people buy? If you don't like the phone, don't buy one. Leave everyone else alone.

Re:Why does it go to a server, anyway? (1)

ivan256 (17499) | more than 5 years ago | (#26122961)

I don't know that I'd defend the lack of the feature as a "good idea", but I will say that I've had Copy and Paste on my phone (Treo 650/700) for years, and I've never used it. Not even once.

Seems like a no-brainer type of feature to include, but if it went away on my phone, I can't say I'd miss it at all. The whole "issue" seems to be overblown.

Re:Why does it go to a server, anyway? (0)

Anonymous Coward | more than 5 years ago | (#26119455)

This is exactly what iCopy does. www.biocow.com/iCopy/

It stores the info you copy to a cookie on your phone and not in a database online where someone (even accidentally) could get to it.

Think different (4, Funny)

lewko (195646) | more than 5 years ago | (#26108487)

a message at Get Satisfaction says they're working on the problem
They've already done that.

I suspect they should start working on a solution...

Re:Think different (0)

Anonymous Coward | more than 5 years ago | (#26108841)

Technically, following proper RE principals, this is an expected statement and what you would want to hear. You need to work on (as in understand, and properly explain) the problem BEFORE you start working on solutions, which is a completly different process which should happen after.

Take note of this Apple (1)

eleveneleven (979605) | more than 5 years ago | (#26108495)

This should be reason enough for Apple to finally implement their own cut-and-paste functionality. Even if they aren't making the apps/bookmarklets that have these security breaches, the bad PR in general will drag them through the mud.

Re:Take note of this Apple (3, Insightful)

ImNotAtWork (1375933) | more than 5 years ago | (#26108719)

My wife has been complaining about lack of a clipboard ever since she got the blasted thing. I tell her "I told you to wait for android every time she complains."

Re:Take note of this Apple (1)

ImNotAtWork (1375933) | more than 5 years ago | (#26108723)

...begs for mercy from the grammar nazis for misplaced quotation marks...

Re:Take note of this Apple (0)

Anonymous Coward | more than 5 years ago | (#26111769)

It amazes me how many so-called geeks don't know the difference between "copy and paste" and "cut and paste". C'mon guys! At least make an effort.

What is Cut & Run? (1)

xactuary (746078) | more than 5 years ago | (#26108549)

Jeopardy Answer: Pastebud's new Business Plan

Re:What is Cut & Run? (1)

larry bagina (561269) | more than 5 years ago | (#26108609)

alternate answer: cowboyneal releasing a silent-but-violent and then waddling off.

Plz post more NYCL stuff (0)

Anonymous Coward | more than 5 years ago | (#26108553)

i dont have a iphone but where are NYCL posts? i like them because they show how teh MAFIAA is evil, and that makes it OK to infringe on there copywrites and stuff because they are mean to people like that 19 year old lady who has cancer. she said she doesnt even have a computer so how could she even download stuff without one? i think that is mean. write back here if you agree!!!

Re:Plz post more NYCL stuff (0, Redundant)

larry bagina (561269) | more than 5 years ago | (#26108605)

me 2

Switch to Ninnle! (0)

Anonymous Coward | more than 5 years ago | (#26108561)

Ninnle Linux has been ported to just about everything, even various smartphones. It's a simple yet highly configurable installation.

Re:Switch to Ninnle! (0)

Anonymous Coward | more than 5 years ago | (#26109505)

I agree. You can't go wrong with Ninnle. Ninnle Linux for the win!

User Error (0)

Anonymous Coward | more than 5 years ago | (#26108587)

"I and other users were forwarding the e-mails we wanted to copy from to the wrong e-mail address"

Business Plan (0)

Anonymous Coward | more than 5 years ago | (#26108593)

1. Add huge security hole to your iPhone app.
2. Get free publicity on Slashdot and elsewhere.
3. Profit!

Whats?!!? (0)

Anonymous Coward | more than 5 years ago | (#26108607)

Bugs in software? Be gone witch!

No bugs in Ninnle! (0)

Anonymous Coward | more than 5 years ago | (#26108615)

If you switch to Ninnle Linux, your phone will be trouble free.

Re:No bugs in Ninnle! (3, Insightful)

MobileTatsu-NJG (946591) | more than 5 years ago | (#26108653)

No bugs in Ninnle!
If you switch to Ninnle Linux, your phone will be trouble free.

I'm impressed that Ninnle is so bug free that 3rd party apps are completely unexploitable.

Re:No bugs in Ninnle! (0)

Anonymous Coward | more than 5 years ago | (#26111731)

the joke is funny, but really? +4 insightful?

Re:No bugs in Ninnle! (1)

MobileTatsu-NJG (946591) | more than 5 years ago | (#26114221)

It wasn't a joke.

Re:No bugs in Ninnle! (0)

Anonymous Coward | more than 5 years ago | (#26118821)

Of course it wasn't a joke! Ninnle Linux has very tight security features that prevent malware nastines.

Re:No bugs in Ninnle! (1)

MobileTatsu-NJG (946591) | more than 5 years ago | (#26123163)

So does the iPhone. That's why this happened. (You really should read the f'n article.) Ninnle is nowhere near immune to the problem that happened here.

Your grasp of what's happening is amusing.

"You should have a Honda instead of a Ford, it's much more reliable!"
"I got a flat tire, you idiot."

Copying data locally with a remote middleman? (0)

Anonymous Coward | more than 5 years ago | (#26108663)

Storing data on the _web_ to copy it _locally_ is akin to emptying one's trash by first moving files to a web server and then deleting it there.

http://technologizer.com/2008/12/12/pastebud-it-seemed-like-a-good-idea/#comment-6130 [technologizer.com]

Trusted third-party apps (1)

93 Escort Wagon (326346) | more than 5 years ago | (#26109035)

Terrible news about this Pastebud app.

Hey, if you want your credit card information stored securely online, just IM me - I'll store it securely on a iPhone accessible website for ya.

Still no clipboard? (4, Insightful)

erroneus (253617) | more than 5 years ago | (#26109081)

No wait... in ALL this time, Apple still hasn't provided this basic functionality?

I wrote off the iPhone when I learned of the battery problem and haven't paid much attention to it since then. But one thing I expected to see resolved was the clipboard deficiency. I know some of my users were bouncing around happy when an update fixed some sync problem they were having and somehow among those fixes, I thought the clipboard feature was added, but I guess I was wrong.

One thing I find ironic about iPhone is that Apple has somehow managed to restrict the convenience and basic functionality right out of the machine. I won't deny iPhone's extremely enthusiastic fanbase. It is rather incredible. But the coolest thing one user had to show was the zippo lighter. Yes, it looks and acts like a zippo lighter and serves no function at all. (Now when it lights a virtual cigarette on another iPhone, I will be impressed!) But I find it more than a little amazing that Copy and Paste are still not present.

I think, perhaps, I understand why though. Apple may have created a security model that effectively prevents that from working -- even for themselves -- ever. If all apps, as I have read here, are chrooted to themselves and essentially shares nothing with the OS (which is somewhat hard to imagine...sharing nothing with the OS... how about some API code?) then it would seem that while security holes are effectively blocked forever, so too is basic functionality. Are iPhone apps not allowed to talk to a storage device that other iPhone apps are also allowed to talk to? It sounds like "no" since this paste program uses the inter-web to share data between apps. And what? This data isn't encrypted for individual users?

Re:Still no clipboard? (1)

Leynos (172919) | more than 5 years ago | (#26109517)

I hear they still can't forward text messages either.

Apple couldn't decide if the iPhone was supposed to be a phone or a computer, and in the end, it does neither particularly well.

I think they did get a lot right tho in terms of user interface and design. I'd also like to develop for the platform. I'll be keeping my eyes on the iPhone to see if they get these failing eliminated in some future firmware release.

Re:Still no clipboard? (1)

Ash-Fox (726320) | more than 5 years ago | (#26110371)

It can't even do MMS messages - something that all new phones sold in Europe have done for years.

Re:Still no clipboard? (0)

Anonymous Coward | more than 5 years ago | (#26111713)

Yes, it looks and acts like a zippo lighter

Where does the flame orginate from on the iPhone? oh there's no real flame, guess it doesn't act like a real zippo then...

Re:Still no clipboard? (1)

lakeland (218447) | more than 5 years ago | (#26113275)

You could be right about why. To be honest, I've never missed this functionality - the way I use the phone doesn't ever require copy paste. However while we're guessing, I'm guessing the reason it is missing is they couldn't develop a UI to copy/paste that was intuitive enough. How _do_ you copy/paste without a menu, some sort of special 'snip' gesture?

Personally the biggest missing functionality for me is the inability to remember passwords/secure notes and requiring me to type them in on every visit. This is despite the phone already connecting to the mobileme server where my passwords and secure notes are stored!

Re:Still no clipboard? (0)

Anonymous Coward | more than 5 years ago | (#26113689)

I've never missed this functionality - the way I use the phone doesn't ever require copy paste.

Presumably you never use the phone for email or as a web browser?

Re:Still no clipboard? (1)

yodleboy (982200) | more than 5 years ago | (#26120437)

How _do_ you copy/paste without a menu

how about if i press for say 2 seconds at the start of where i want to copy i get a draggable highlight? then i tap the highlighted text after dragging to the end point and it copies. at the other end of the process, how about i hold down for 3 seconds to paste?

seriously, for all the things my iPhone does, i'm still amazed it DOESN'T do cut and paste. Coming from a blackberry, which does cut and paste, i probably notice the lack of it more. it's easy for people who haven't had the functionality before to say "oh i don't need that". You may not need it often, but when you do it's a real pain to not have it.

I see the apple apologists are out in force with the "steve wants it to be perfect" argument. Considering cut and paste has been a staple feature of modern gui operating systems for 25 years or more, you'd THINK they had it down by now.

Re:Still no clipboard? (0)

Anonymous Coward | more than 5 years ago | (#26118701)

No wait... in ALL this time, Apple still hasn't provided this basic functionality?

I wrote off the iPhone when I learned of the battery problem and haven't paid much attention to it since then. But one thing I expected to see resolved was the clipboard deficiency. I know some of my users were bouncing around happy when an update fixed some sync problem they were having and somehow among those fixes, I thought the clipboard feature was added, but I guess I was wrong.

One thing I find ironic about iPhone is that Apple has somehow managed to restrict the convenience and basic functionality right out of the machine. I won't deny iPhone's extremely enthusiastic fanbase. It is rather incredible. But the coolest thing one user had to show was the zippo lighter. Yes, it looks and acts like a zippo lighter and serves no function at all. (Now when it lights a virtual cigarette on another iPhone, I will be impressed!) But I find it more than a little amazing that Copy and Paste are still not present.

I think, perhaps, I understand why though. Apple may have created a security model that effectively prevents that from working -- even for themselves -- ever. If all apps, as I have read here, are chrooted to themselves and essentially shares nothing with the OS (which is somewhat hard to imagine...sharing nothing with the OS... how about some API code?) then it would seem that while security holes are effectively blocked forever, so too is basic functionality. Are iPhone apps not allowed to talk to a storage device that other iPhone apps are also allowed to talk to? It sounds like "no" since this paste program uses the inter-web to share data between apps. And what? This data isn't encrypted for individual users?

Cut and Paste is only a big deal to people who like to write on blogs. I've been using an iPhone since it rolled out and maybe, once in a while I wish I had, its no where near the show stopper people are writing about.

The iPhone is the best device of its kind on the market and no one has an answer. Get one

Pity the FOOL (0)

Anonymous Coward | more than 5 years ago | (#26110427)

Haha for "Get Satisfaction"! I always said their software was something that you should look very carefully at before installing.

I'd say "If you use software from 'Get Satisfaction', you should understand it before you use it - it's like using LINUX - a huge unknown".

But clearly the author of this entry was STUPID and didn't listen to me. A Fool? Not necessarily. Perhaps he was just unfamiliar with my blog, my articles, and my security company.

Yes, people do live in a hole.

All Design and No Substance (0)

Anonymous Coward | more than 5 years ago | (#26113317)

I am still agape at the fact that Apple was able to convince everyone that by including a web browser they were including an application platform. Are you kidding? Now that's marketing magic!

Rubbing it in! (0)

Anonymous Coward | more than 5 years ago | (#26120453)

I knew buying a blackberry would payoff. It's my time to shine!

I knew buying a blackberry would payoff. It's my time to shine!

I knew buying a blackberry would payoff. It's my time to shine!

I knew buying a blackberry would payoff. It's my time to shine!

I knew buying a blackberry would payoff. It's my time to shine!

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...