It’s nice that Apple isn’t tying this functionality to OS updates. It was pretty bad a few months back when typing prediction went haywire and we had to wait weeks for a fix.
Separately, I’m surprised Apple didn’t do this with Swift. I thought one of the goals of Swift was to be a good language for low level code up to high level scripting.
One purpose for making Swift was because Objective C is dynamic, and they thought they could get a speed boost by going fully static. The other is because they were having a hard time evolving a C-based language because C is full of plot holes. Swift is meant to be efficient but still allow abstractions, which C is really bad at. (The best you can get with C is leaky abstractions.)
This should be dynamic, but it shouldn't be LUA. It should be something like JSON. Although Lua is sandboxed, so it's safer that way, it is still an easier and bigger attack vector for hackers than JSON would be.
Or they could do what Google have done, and separate more OS components into applications delivered out of band via the app store, like the browser (Chrome), the keyboard (Gboard), etc.
Behavior changes of the os should not be quiet and magical, they should be intentional and the user should be notified (if they care).
Swift is more like the next C++ than the next javascript. But is supposed to be easy enough to use that you could use it for a shell script. And the 'shell interpreter' is just compiling and executing your code.
The example is interesting (a suggestion to contact the organizer of an event you're running late to), and supports my suspicion that much of the "smartness" ascribed to modern devices boils down to lots of hand-crafted pattern-response rules. Pay no attention to the programmers behind the curtain.
I’m not really sure anyone should be surprised that much of the smartness is rule-based with maybe a bit of “AI” to help with speech recognition and fiddling with the words a bit. I think this is good because it tends to lead to misunderstanding being biased towards not doing anything instead of doing something particularly wrong. The downside is that the rules never seem to cope with enough inputs.
My hope is basically that many more rules will be written and they will slowly move towards handling more general problems as well as a very large variety of specific cases.
They won't do that because they want a consistent look for their devices. If you jailbreak, though, you can inject code that hooks into random methods and changes the ui; but that's not officially supported.
> 2.5.2 Apps should be self-contained in their bundles,
> and may not read or write data outside the designated
> container area, nor may they download, install, or
> execute code which introduces or changes features or
> functionality of the app, including other apps.
The wiggle room is in the "introduces or changes features or functionality of the app" line, they've given themselves vague discretion to reject things that download too much code, but there are tons of apps that do OTA updates that haven't been rejected because they aren't changing fundamental features/functionality.
Wait, am I understanding this right? Apple is doing exactly what they forbid iOS developers from doing for years? Downloading code from the internet and executing it, in order to make runtime decisions or to allow live upgrades? That's just hypocritical BS right there. But the comment thread in the tweet is wrong about it being dangerous. Lua can be sandboxed like any decent VM in 2018. "Danger" isn't the problem.
What. Apple has no issues trusting Apple 100% completely, nor do any of their users. Or more specifically, Apple itself is simply an inseparable part of the core trust foundation since they control the entire stack of hardware, firmware and software. You calling this "hypocritical BS" is just nonsense, it's like acting shocked that Apple doesn't allow any random developer to issue microcode processor updates even though Apple could. Of course Apple can, there is no equality there. Apple develops private code and dogfoods it before making it public. Any platform developer by definition has to do low level stuff as part of making higher level stuff. This is not difficult.
"Hypocrisy" gets thrown around way too often on the Internet, and if you do so you are basically always wrong, either because it's not actually hypocrisy at all (the word is not a synonym for "anything I don't like") or because it's a meaningless thing to say anyway vs more substantive complaints.
Apple owns the OS. They've used private frameworks in their apps for years too, even though third party apps aren't allowed. Because they own the platform. It's hardly surprising.
> 5.2.4 Apple Endorsements: Don’t suggest or infer that Apple is a source or
> supplier of the App, or that Apple endorses any particular representation
> regarding quality or functionality.
Apple definitely infers and suggests and even explicitly states that Apple is the supplier of their own apps. This clearly violates section 5.2.4. But Apple does not have to follow the rules that apply to third party developers because they're not third party developers. They're first party developers.
Of course, it is their platform. The reason they prevent runtime/live updates is because 3rd party developers can and will easily inject malicious code.
Apples owns the entire platform, I have no problem with them having "root" privileges. Honestly I'd rather have a closed platform with strict guidelines than the wild wild west that is Android.
[+] [-] ChrisLTD|7 years ago|reply
Separately, I’m surprised Apple didn’t do this with Swift. I thought one of the goals of Swift was to be a good language for low level code up to high level scripting.
[+] [-] sbjs|7 years ago|reply
This should be dynamic, but it shouldn't be LUA. It should be something like JSON. Although Lua is sandboxed, so it's safer that way, it is still an easier and bigger attack vector for hackers than JSON would be.
[+] [-] pcwalton|7 years ago|reply
[+] [-] robbyt|7 years ago|reply
Behavior changes of the os should not be quiet and magical, they should be intentional and the user should be notified (if they care).
[+] [-] woolvalley|7 years ago|reply
[+] [-] zepto|7 years ago|reply
Presumably both of these have more overhead than Apple wanted in this case, but it does seem odd.
[+] [-] mintplant|7 years ago|reply
[+] [-] dan-robertson|7 years ago|reply
My hope is basically that many more rules will be written and they will slowly move towards handling more general problems as well as a very large variety of specific cases.
[+] [-] currysausage|7 years ago|reply
[+] [-] ppetty|7 years ago|reply
[+] [-] stefan_|7 years ago|reply
[+] [-] earenndil|7 years ago|reply
[+] [-] Jyaif|7 years ago|reply
[+] [-] haney|7 years ago|reply
[+] [-] sbjs|7 years ago|reply
[+] [-] xoa|7 years ago|reply
"Hypocrisy" gets thrown around way too often on the Internet, and if you do so you are basically always wrong, either because it's not actually hypocrisy at all (the word is not a synonym for "anything I don't like") or because it's a meaningless thing to say anyway vs more substantive complaints.
[+] [-] untog|7 years ago|reply
[+] [-] joemi|7 years ago|reply
[+] [-] samcat116|7 years ago|reply
[+] [-] zepto|7 years ago|reply
[+] [-] machiavelli1024|7 years ago|reply
[deleted]
[+] [-] nodesocket|7 years ago|reply
Apples owns the entire platform, I have no problem with them having "root" privileges. Honestly I'd rather have a closed platform with strict guidelines than the wild wild west that is Android.