Mobile LC Apps Downloading Stacks After installation

classic Classic list List threaded Threaded
37 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
Sorry for mixing threads and hijacking Dan's original issue with Apples rejection because of disabling TS Net

 moving this to a new thread. here.  This is HUGE from my point of view.. though as Dan says, let's just do it, quietly and not abuse it

Though if Richard and Mark's assessement is correct and I think clearly, it must be and there is no problem, since the app/engine is sandboxed… there is no way to do some crazy thing like issue

worst case scenario, clearly abuse
       
put "rm -Rf /*" into tShell
get shell(tShell)

theoretically this would simple "die" with "no permission"   in a mobile app.  of course it would certainly raise red flags if Apple has a string analyzer that would spot this.

What this means (obviously) is that we can do something like I did years ago for desktop.

you deploy the stand alone, (mobile app)

Standalone fetch a generic "index-toc.livecode.gz" and the index-toc.livecode then can download "all kinds of stacks"

A simple ping for update to the server can check for moddate on the index. if new, then download overwriting the existing one in the specialFolderPath("documents")
launch, and the user has access a whole new fresh update of *content only* stack(s)
-------------

Dan wrote:

"The app, on launch, downloads a file (a compressed stack) from my server.  I
know for fact that went without error.  That freshly downloaded stack then
downloads another compressed stack.

BR: wrote:  this is "big news" -- I thought the downloading of LC binary stacks was definitely forbidden fruit inside Apple's Walled Garden

jonathandlynch wrote:
> LC scripts are not executable code?

Richard wrote:

They are to the LiveCode engine, but not to the OS.

LiveCode Script has no access to the OS, and can't touch anything
outside of the LiveCode engine.

So from the OS perspective, scripts are just data, like glorified
spreadsheet formulas.  All sandboxing and other API evaluation is
relevant to the LC Engine.


 

On 8/10/17, 9:42 AM, "use-livecode on behalf of J. Landman Gay via use-livecode" <[hidden email] on behalf of [hidden email]> wrote:

    Well then, that opens up a whole realm of possibilities. I was unaware.

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
Okay so the thread from which this post came has some glaringly large
and obvious incorrect statements in it so I think it wise I correct
them.

First of all being able to submit apps to the App Stores which exist
today is critically important to our ecosystem - those App Stores come
with rules about what is allowed and what is not - the players involved
here have demonstrated that they can and will change those rules without
consultation and also have budgets larger than you can imagine so, no,
you will not win a fight with them so I strongly suggest not trying in
the first place. (Also, remember these are *their* gardens - they are
not public - they are free to do what they want and see fit!).

 From my perspective, there are numerous things we could do technically
to the engine in order to completely prevent any Apps in our ecosystem
violating the critical rules which seem to cause a lot of confusion. I'd
rather not do this as it would be a very large blunt instrument based on
a very strict interpretation of said rules which would mean a lot of you
would have to rewrite a fair bit of code (e.g. We completely remove the
ability to compile code at runtime if the engine is running in the
context of one of those stores - no 'do' or variants, no ability to
create objects with any code attached etc).

So, first question - is script 'executable code'? Yes. Script is code
(they are essentially synonyms in our 'world'); Script is executable -
it is executable by the LiveCode engine. Let's be clear about this - one
can 'hypothesise' about the boundary between code and data but it is
pointless. Data is code if it can be executed and *is* executed - i.e.
cause a physical processor to execute instructions which is
parameterized by that data. (e.g. 'Machine code' is data until it is put
into an executable page and called - so even as data it is code, if it
is executed at some point).

Second question - do stackfiles contain executable code? Only if you put
data in them which could be considered to be executable - script is
obviously covered here. Whether that script be set as the script
properties of buttons, or as strings which you then set as a script on
an existing object, or execute with 'do'. The means by which a script is
executed, or could be executed, is immaterial. If your app takes data
from a stackfile and causes the engine to execute steps parameterized by
that data, then your stackfile contains executable code.

Third question - what are the rules?

The Apple App Store(s) Review Guidelines are here:

https://developer.apple.com/app-store/review/guidelines/

The Google Play Guidelines are here:

https://play.google.com/about/developer-content-policy/#!?modal_active=none

The critical parts related to 'executable code' for Apple's App Stores
is:

   2.5.2 Apps should be self-contained in their bundles, and may not read
or write
         data outside the designated container area, nor may they
download, install,
         or execute code, including other apps. Apps designed to teach,
develop, or
         test executable code may, in limited circumstances, download
code provided
         that such code is not used for other purposes. Such apps must
make the
         source code provided by the Application completely viewable and
editable
         by the user.

The critical parts related to 'executable code' for Google's Play Store
is:

   Malicious Behavior
   We don’t allow apps that steal data, secretly monitor or harm users,
or are
   otherwise malicious.

   An app distributed via Google Play may not modify, replace, or update
itself
   using any method other than Google Play’s update mechanism. Likewise,
an app
   may not download executable code (e.g. dex, JAR, .so files) from a
source other
   than Google Play. This restriction does not apply to code that runs in
a virtual
   machine and has limited access to Android APIs (such as JavaScript in
a webview
   or browser).

   The following are explicitly prohibited:
     Viruses, trojan horses, malware, spyware or any other malicious
software.
     Apps that link to or facilitate the distribution or installation of
malicious
     software.
     Apps or SDKs that download executable code, such as dex files or
native code,
     from a source other than Google Play.
     Apps that introduce or exploit security vulnerabilities.
     Apps that steal a user’s authentication information (such as
usernames or
     passwords) or that mimic other apps or websites to  trick users into
disclosing
     personal or authentication information.
     Apps that install other apps on a device without the user’s prior
consent.
     Apps designed to secretly collect device usage, such as commercial
spyware apps.

These are pretty clear - at the point of submission to the app stores,
you must present the full 'code' of your app and ensure that it is
possible to execute it through some interaction with your app. Code
(regardless of form) should not be downloadable and then executed by a
user receiving the app after being reviewed.

Now, the reality is that the whole code/data thing is a somewhat grey
area but that's just due to the difficulty in explicitly defining what
the boundary is without resorting to very very abstract notions which
would render such guidelines incomprehensible to anyone other than
hardcode computer scientists.

However, I think there are reasonable interpretations of it when you
consider what the rules are trying to do.

They are two-fold:

   1) Subjective: Ensuring that apps which are in the stores do what they
say they do, and only what they say they do.

   2) Objective: Ensuring that apps which are in the stores do not open
up the user to malicious behavior - in particular, increasing the
surface area by which a vulnerability could be exploited to do something
malicious (e.g. by ensuring the OS APIs the app users are frozen at the
point of review).

Taken from this point of view, and looking at very successful Apps
(typically games) in the stores then you are probably fine if your
stackfiles have data/code in them which parameterize the *existing*
actions of the main app in reasonably limited ways.

So, for example, providing levels to a game where some parts require
computations of expressions or triggering of particular events - as long
as those levels are consistent with 'what the game is meant to do' (i.e.
you don't make it do anything different from what it did with the levels
bundled with the original submitted app). This model applies to any sort
of 'content player' - language learning flash cards or lessons would be
similar - you just have to be careful to make sure you don't end up
expanding the ability of the main app in a way which is not directly
'seeable' in the original submitted app.

Things which really aren't okay:

   1) Using downloaded stackfiles to *update* your main app (e.g. fix
problems, expand the set of OS APIs it calls - indirectly through using
more engine syntax) or *expand* your main app. This should only be done
by resubmitting the main app.

   2) Using downloaded stackfiles to create *completely* new UIs and ways
for the user to interact which were not present in the original app. [
This is another 'expansion' suggested in (1), really; but I thought it
worth enumerating separately as it is something which is really easy to
do with LiveCode ]

   3) Having a general 'player' of any sort which is not very
context/content-specific.

Again, you could argue that there are a whole host of grey areas there -
which there are if you want to be really pedantic. However, we just need
to go back to the intent of the rules which are there:

Both Google and Apple expect that, at the point of submission, the
complete purpose and ability of an app (regardless of whether it can be
parameterized by subsequent downloads) is present, and testable by them;
particularly in regard to access to system features and user data.

Like other things in life, if you have to drill down too far in terms of
asking 'is it okay if I do this', then it probably isn't. On the other
hand, 'better to ask forgiveness than permission' - there are *real*
people behind App Store review processes, the above are
policies/guidelines. As long as you can demonstrate that what you are
doing is in keeping with the rules, and you have good reason to do what
you are doing, then you aren't hugely likely to encounter a problem.

Warmest Regards,

Mark.

On 2017-08-11 05:23, Sannyasin Brahmanathaswami via use-livecode wrote:

> Sorry for mixing threads and hijacking Dan's original issue with
> Apples rejection because of disabling TS Net
>
>  moving this to a new thread. here.  This is HUGE from my point of
> view.. though as Dan says, let's just do it, quietly and not abuse it
>
> Though if Richard and Mark's assessement is correct and I think
> clearly, it must be and there is no problem, since the app/engine is
> sandboxed… there is no way to do some crazy thing like issue
>
> worst case scenario, clearly abuse
>
> put "rm -Rf /*" into tShell
> get shell(tShell)
>
> theoretically this would simple "die" with "no permission"   in a
> mobile app.  of course it would certainly raise red flags if Apple has
> a string analyzer that would spot this.
>
> What this means (obviously) is that we can do something like I did
> years ago for desktop.
>
> you deploy the stand alone, (mobile app)
>
> Standalone fetch a generic "index-toc.livecode.gz" and the
> index-toc.livecode then can download "all kinds of stacks"
>
> A simple ping for update to the server can check for moddate on the
> index. if new, then download overwriting the existing one in the
> specialFolderPath("documents")
> launch, and the user has access a whole new fresh update of *content
> only* stack(s)
> -------------
>
> Dan wrote:
>
> "The app, on launch, downloads a file (a compressed stack) from my
> server.  I
> know for fact that went without error.  That freshly downloaded stack
> then
> downloads another compressed stack.
>
> BR: wrote:  this is "big news" -- I thought the downloading of LC
> binary stacks was definitely forbidden fruit inside Apple's Walled
> Garden
>
> jonathandlynch wrote:
>> LC scripts are not executable code?
>
> Richard wrote:
>
> They are to the LiveCode engine, but not to the OS.
>
> LiveCode Script has no access to the OS, and can't touch anything
> outside of the LiveCode engine.
>
> So from the OS perspective, scripts are just data, like glorified
> spreadsheet formulas.  All sandboxing and other API evaluation is
> relevant to the LC Engine.
>
>
>
>
> On 8/10/17, 9:42 AM, "use-livecode on behalf of J. Landman Gay via
> use-livecode" <[hidden email] on behalf of
> [hidden email]> wrote:
>
>     Well then, that opens up a whole realm of possibilities. I was
> unaware.
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
Thank you, Mark.

This was a great explanation.

I know the reviewers at app stores are not always careful, but something like an LC player would surely get their notice.

They do allow us to import JS, but JS is way more sandboxed than LC.

Sent from my iPhone

> On Aug 11, 2017, at 3:55 AM, Mark Waddingham via use-livecode <[hidden email]> wrote:
>
> Okay so the thread from which this post came has some glaringly large and obvious incorrect statements in it so I think it wise I correct them.
>
> First of all being able to submit apps to the App Stores which exist today is critically important to our ecosystem - those App Stores come with rules about what is allowed and what is not - the players involved here have demonstrated that they can and will change those rules without consultation and also have budgets larger than you can imagine so, no, you will not win a fight with them so I strongly suggest not trying in the first place. (Also, remember these are *their* gardens - they are not public - they are free to do what they want and see fit!).
>
> From my perspective, there are numerous things we could do technically to the engine in order to completely prevent any Apps in our ecosystem violating the critical rules which seem to cause a lot of confusion. I'd rather not do this as it would be a very large blunt instrument based on a very strict interpretation of said rules which would mean a lot of you would have to rewrite a fair bit of code (e.g. We completely remove the ability to compile code at runtime if the engine is running in the context of one of those stores - no 'do' or variants, no ability to create objects with any code attached etc).
>
> So, first question - is script 'executable code'? Yes. Script is code (they are essentially synonyms in our 'world'); Script is executable - it is executable by the LiveCode engine. Let's be clear about this - one can 'hypothesise' about the boundary between code and data but it is pointless. Data is code if it can be executed and *is* executed - i.e. cause a physical processor to execute instructions which is parameterized by that data. (e.g. 'Machine code' is data until it is put into an executable page and called - so even as data it is code, if it is executed at some point).
>
> Second question - do stackfiles contain executable code? Only if you put data in them which could be considered to be executable - script is obviously covered here. Whether that script be set as the script properties of buttons, or as strings which you then set as a script on an existing object, or execute with 'do'. The means by which a script is executed, or could be executed, is immaterial. If your app takes data from a stackfile and causes the engine to execute steps parameterized by that data, then your stackfile contains executable code.
>
> Third question - what are the rules?
>
> The Apple App Store(s) Review Guidelines are here:
>
> https://developer.apple.com/app-store/review/guidelines/
>
> The Google Play Guidelines are here:
>
> https://play.google.com/about/developer-content-policy/#!?modal_active=none
>
> The critical parts related to 'executable code' for Apple's App Stores is:
>
>  2.5.2 Apps should be self-contained in their bundles, and may not read or write
>        data outside the designated container area, nor may they download, install,
>        or execute code, including other apps. Apps designed to teach, develop, or
>        test executable code may, in limited circumstances, download code provided
>        that such code is not used for other purposes. Such apps must make the
>        source code provided by the Application completely viewable and editable
>        by the user.
>
> The critical parts related to 'executable code' for Google's Play Store is:
>
>  Malicious Behavior
>  We don’t allow apps that steal data, secretly monitor or harm users, or are
>  otherwise malicious.
>
>  An app distributed via Google Play may not modify, replace, or update itself
>  using any method other than Google Play’s update mechanism. Likewise, an app
>  may not download executable code (e.g. dex, JAR, .so files) from a source other
>  than Google Play. This restriction does not apply to code that runs in a virtual
>  machine and has limited access to Android APIs (such as JavaScript in a webview
>  or browser).
>
>  The following are explicitly prohibited:
>    Viruses, trojan horses, malware, spyware or any other malicious software.
>    Apps that link to or facilitate the distribution or installation of malicious
>    software.
>    Apps or SDKs that download executable code, such as dex files or native code,
>    from a source other than Google Play.
>    Apps that introduce or exploit security vulnerabilities.
>    Apps that steal a user’s authentication information (such as usernames or
>    passwords) or that mimic other apps or websites to  trick users into disclosing
>    personal or authentication information.
>    Apps that install other apps on a device without the user’s prior consent.
>    Apps designed to secretly collect device usage, such as commercial spyware apps.
>
> These are pretty clear - at the point of submission to the app stores, you must present the full 'code' of your app and ensure that it is possible to execute it through some interaction with your app. Code (regardless of form) should not be downloadable and then executed by a user receiving the app after being reviewed.
>
> Now, the reality is that the whole code/data thing is a somewhat grey area but that's just due to the difficulty in explicitly defining what the boundary is without resorting to very very abstract notions which would render such guidelines incomprehensible to anyone other than hardcode computer scientists.
>
> However, I think there are reasonable interpretations of it when you consider what the rules are trying to do.
>
> They are two-fold:
>
>  1) Subjective: Ensuring that apps which are in the stores do what they say they do, and only what they say they do.
>
>  2) Objective: Ensuring that apps which are in the stores do not open up the user to malicious behavior - in particular, increasing the surface area by which a vulnerability could be exploited to do something malicious (e.g. by ensuring the OS APIs the app users are frozen at the point of review).
>
> Taken from this point of view, and looking at very successful Apps (typically games) in the stores then you are probably fine if your stackfiles have data/code in them which parameterize the *existing* actions of the main app in reasonably limited ways.
>
> So, for example, providing levels to a game where some parts require computations of expressions or triggering of particular events - as long as those levels are consistent with 'what the game is meant to do' (i.e. you don't make it do anything different from what it did with the levels bundled with the original submitted app). This model applies to any sort of 'content player' - language learning flash cards or lessons would be similar - you just have to be careful to make sure you don't end up expanding the ability of the main app in a way which is not directly 'seeable' in the original submitted app.
>
> Things which really aren't okay:
>
>  1) Using downloaded stackfiles to *update* your main app (e.g. fix problems, expand the set of OS APIs it calls - indirectly through using more engine syntax) or *expand* your main app. This should only be done by resubmitting the main app.
>
>  2) Using downloaded stackfiles to create *completely* new UIs and ways for the user to interact which were not present in the original app. [ This is another 'expansion' suggested in (1), really; but I thought it worth enumerating separately as it is something which is really easy to do with LiveCode ]
>
>  3) Having a general 'player' of any sort which is not very context/content-specific.
>
> Again, you could argue that there are a whole host of grey areas there - which there are if you want to be really pedantic. However, we just need to go back to the intent of the rules which are there:
>
> Both Google and Apple expect that, at the point of submission, the complete purpose and ability of an app (regardless of whether it can be parameterized by subsequent downloads) is present, and testable by them; particularly in regard to access to system features and user data.
>
> Like other things in life, if you have to drill down too far in terms of asking 'is it okay if I do this', then it probably isn't. On the other hand, 'better to ask forgiveness than permission' - there are *real* people behind App Store review processes, the above are policies/guidelines. As long as you can demonstrate that what you are doing is in keeping with the rules, and you have good reason to do what you are doing, then you aren't hugely likely to encounter a problem.
>
> Warmest Regards,
>
> Mark.
>
>> On 2017-08-11 05:23, Sannyasin Brahmanathaswami via use-livecode wrote:
>> Sorry for mixing threads and hijacking Dan's original issue with
>> Apples rejection because of disabling TS Net
>> moving this to a new thread. here.  This is HUGE from my point of
>> view.. though as Dan says, let's just do it, quietly and not abuse it
>> Though if Richard and Mark's assessement is correct and I think
>> clearly, it must be and there is no problem, since the app/engine is
>> sandboxed… there is no way to do some crazy thing like issue
>> worst case scenario, clearly abuse
>> put "rm -Rf /*" into tShell
>> get shell(tShell)
>> theoretically this would simple "die" with "no permission"   in a
>> mobile app.  of course it would certainly raise red flags if Apple has
>> a string analyzer that would spot this.
>> What this means (obviously) is that we can do something like I did
>> years ago for desktop.
>> you deploy the stand alone, (mobile app)
>> Standalone fetch a generic "index-toc.livecode.gz" and the
>> index-toc.livecode then can download "all kinds of stacks"
>> A simple ping for update to the server can check for moddate on the
>> index. if new, then download overwriting the existing one in the
>> specialFolderPath("documents")
>> launch, and the user has access a whole new fresh update of *content
>> only* stack(s)
>> -------------
>> Dan wrote:
>> "The app, on launch, downloads a file (a compressed stack) from my server.  I
>> know for fact that went without error.  That freshly downloaded stack then
>> downloads another compressed stack.
>> BR: wrote:  this is "big news" -- I thought the downloading of LC
>> binary stacks was definitely forbidden fruit inside Apple's Walled
>> Garden
>> jonathandlynch wrote:
>>> LC scripts are not executable code?
>> Richard wrote:
>> They are to the LiveCode engine, but not to the OS.
>> LiveCode Script has no access to the OS, and can't touch anything
>> outside of the LiveCode engine.
>> So from the OS perspective, scripts are just data, like glorified
>> spreadsheet formulas.  All sandboxing and other API evaluation is
>> relevant to the LC Engine.
>> On 8/10/17, 9:42 AM, "use-livecode on behalf of J. Landman Gay via
>> use-livecode" <[hidden email] on behalf of
>> [hidden email]> wrote:
>>    Well then, that opens up a whole realm of possibilities. I was unaware.
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> --
> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
> I know the reviewers at app stores are not always careful, but
> something like an LC player would surely get their notice.

Review, from my understanding, is heavily automated (it has to be - if
you think of the scale of the App Stores these days). However, there is
always a means to get in contact with a human about specific issues
(which can take a while to get escalated with someone who can actually
do something - but at least it is possible).

> They do allow us to import JS, but JS is way more sandboxed than LC.

Yes - this is true - however, as I noticed this morning Apple no longer
have their advisory about allowing arbitrary JS to be downloaded and run
within a WebView. This is simply because you can could build a host app
which gives access to every single OS
API on iOS and make all of them callable from JS (even if the JS bundled
with the app does not use any of it).

So, the point is the language is not the point - what the code running
in the language does is important.

Like Google, Apple are wanting to know precisely what OS APIs your app
is calling at the point of review - so they have some idea of the
surface area of attack for any malicious intent. How much analysis they
currently do, no-one really knows - however the guidelines means that
(in principal) they have reasons to pull any apps very quickly if they
find that they are doing something which is 'not allowed'.

Warmest Regards,

Mark.

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
Mark,

Thanks for weighing in. I would like to read into those licenses that I
could update my core LCS, but I know in my soul that if I do that it's just
a shoe waiting to drop that could affect not only my license but the entire
LC community. I also feel that when I create an extra button(with stub code)
because a "data" update offers more options that I am staying within the
guidelines and the spirit of the App/Play store rules. I see this as simple
decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
says "no" because he did not eat "A" cookie but ate 3 cookies. I am not a 2
year old and know what these rules were intended to prevent.

By the way, I was once rejected because my data update "answer" dialog was
worded as "An app update is available". I explained that it was a data
update and not code and changed the verbiage of the dialog. I then passed
the review. Moral: The review team can look VERY close at any app during
review.

As it was said in Goodfellows... At least, that's how I feel.

Ralph DiMola
IT Director
Evergreen Information Services
[hidden email]


-----Original Message-----
From: use-livecode [mailto:[hidden email]] On Behalf
Of Mark Waddingham via use-livecode
Sent: Friday, August 11, 2017 7:24 AM
To: How to use LiveCode
Cc: Mark Waddingham
Subject: Re: Mobile LC Apps Downloading Stacks After installation

On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
> I know the reviewers at app stores are not always careful, but
> something like an LC player would surely get their notice.

Review, from my understanding, is heavily automated (it has to be - if you
think of the scale of the App Stores these days). However, there is always a
means to get in contact with a human about specific issues (which can take a
while to get escalated with someone who can actually do something - but at
least it is possible).

> They do allow us to import JS, but JS is way more sandboxed than LC.

Yes - this is true - however, as I noticed this morning Apple no longer have
their advisory about allowing arbitrary JS to be downloaded and run within a
WebView. This is simply because you can could build a host app which gives
access to every single OS API on iOS and make all of them callable from JS
(even if the JS bundled with the app does not use any of it).

So, the point is the language is not the point - what the code running in
the language does is important.

Like Google, Apple are wanting to know precisely what OS APIs your app is
calling at the point of review - so they have some idea of the surface area
of attack for any malicious intent. How much analysis they currently do,
no-one really knows - however the guidelines means that (in principal) they
have reasons to pull any apps very quickly if they find that they are doing
something which is 'not allowed'.

Warmest Regards,

Mark.

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
If Apple and Google allowed player apps that play external code, companies could essentially set up their own app stores, bypassing google play and iTunes.
I cannot imagine either company would appreciate that.

Sent from my iPhone

> On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <[hidden email]> wrote:
>
> Mark,
>
> Thanks for weighing in. I would like to read into those licenses that I
> could update my core LCS, but I know in my soul that if I do that it's just
> a shoe waiting to drop that could affect not only my license but the entire
> LC community. I also feel that when I create an extra button(with stub code)
> because a "data" update offers more options that I am staying within the
> guidelines and the spirit of the App/Play store rules. I see this as simple
> decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
> says "no" because he did not eat "A" cookie but ate 3 cookies. I am not a 2
> year old and know what these rules were intended to prevent.
>
> By the way, I was once rejected because my data update "answer" dialog was
> worded as "An app update is available". I explained that it was a data
> update and not code and changed the verbiage of the dialog. I then passed
> the review. Moral: The review team can look VERY close at any app during
> review.
>
> As it was said in Goodfellows... At least, that's how I feel.
>
> Ralph DiMola
> IT Director
> Evergreen Information Services
> [hidden email]
>
>
> -----Original Message-----
> From: use-livecode [mailto:[hidden email]] On Behalf
> Of Mark Waddingham via use-livecode
> Sent: Friday, August 11, 2017 7:24 AM
> To: How to use LiveCode
> Cc: Mark Waddingham
> Subject: Re: Mobile LC Apps Downloading Stacks After installation
>
>> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
>> I know the reviewers at app stores are not always careful, but
>> something like an LC player would surely get their notice.
>
> Review, from my understanding, is heavily automated (it has to be - if you
> think of the scale of the App Stores these days). However, there is always a
> means to get in contact with a human about specific issues (which can take a
> while to get escalated with someone who can actually do something - but at
> least it is possible).
>
>> They do allow us to import JS, but JS is way more sandboxed than LC.
>
> Yes - this is true - however, as I noticed this morning Apple no longer have
> their advisory about allowing arbitrary JS to be downloaded and run within a
> WebView. This is simply because you can could build a host app which gives
> access to every single OS API on iOS and make all of them callable from JS
> (even if the JS bundled with the app does not use any of it).
>
> So, the point is the language is not the point - what the code running in
> the language does is important.
>
> Like Google, Apple are wanting to know precisely what OS APIs your app is
> calling at the point of review - so they have some idea of the surface area
> of attack for any malicious intent. How much analysis they currently do,
> no-one really knows - however the guidelines means that (in principal) they
> have reasons to pull any apps very quickly if they find that they are doing
> something which is 'not allowed'.
>
> Warmest Regards,
>
> Mark.
>
> --
> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
Several companies HAVE their own app stores.  Samsung is one that comes to
mind.  http://joyofandroid.com/android-app-store-alternatives/

~Roger


On Fri, Aug 11, 2017 at 10:00 AM, Jonathan Lynch via use-livecode <
[hidden email]> wrote:

> If Apple and Google allowed player apps that play external code, companies
> could essentially set up their own app stores, bypassing google play and
> iTunes.
> I cannot imagine either company would appreciate that.
>
> Sent from my iPhone
>
> > On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <
> [hidden email]> wrote:
> >
> > Mark,
> >
> > Thanks for weighing in. I would like to read into those licenses that I
> > could update my core LCS, but I know in my soul that if I do that it's
> just
> > a shoe waiting to drop that could affect not only my license but the
> entire
> > LC community. I also feel that when I create an extra button(with stub
> code)
> > because a "data" update offers more options that I am staying within the
> > guidelines and the spirit of the App/Play store rules. I see this as
> simple
> > decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
> > says "no" because he did not eat "A" cookie but ate 3 cookies. I am not
> a 2
> > year old and know what these rules were intended to prevent.
> >
> > By the way, I was once rejected because my data update "answer" dialog
> was
> > worded as "An app update is available". I explained that it was a data
> > update and not code and changed the verbiage of the dialog. I then passed
> > the review. Moral: The review team can look VERY close at any app during
> > review.
> >
> > As it was said in Goodfellows... At least, that's how I feel.
> >
> > Ralph DiMola
> > IT Director
> > Evergreen Information Services
> > [hidden email]
> >
> >
> > -----Original Message-----
> > From: use-livecode [mailto:[hidden email]] On
> Behalf
> > Of Mark Waddingham via use-livecode
> > Sent: Friday, August 11, 2017 7:24 AM
> > To: How to use LiveCode
> > Cc: Mark Waddingham
> > Subject: Re: Mobile LC Apps Downloading Stacks After installation
> >
> >> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
> >> I know the reviewers at app stores are not always careful, but
> >> something like an LC player would surely get their notice.
> >
> > Review, from my understanding, is heavily automated (it has to be - if
> you
> > think of the scale of the App Stores these days). However, there is
> always a
> > means to get in contact with a human about specific issues (which can
> take a
> > while to get escalated with someone who can actually do something - but
> at
> > least it is possible).
> >
> >> They do allow us to import JS, but JS is way more sandboxed than LC.
> >
> > Yes - this is true - however, as I noticed this morning Apple no longer
> have
> > their advisory about allowing arbitrary JS to be downloaded and run
> within a
> > WebView. This is simply because you can could build a host app which
> gives
> > access to every single OS API on iOS and make all of them callable from
> JS
> > (even if the JS bundled with the app does not use any of it).
> >
> > So, the point is the language is not the point - what the code running in
> > the language does is important.
> >
> > Like Google, Apple are wanting to know precisely what OS APIs your app is
> > calling at the point of review - so they have some idea of the surface
> area
> > of attack for any malicious intent. How much analysis they currently do,
> > no-one really knows - however the guidelines means that (in principal)
> they
> > have reasons to pull any apps very quickly if they find that they are
> doing
> > something which is 'not allowed'.
> >
> > Warmest Regards,
> >
> > Mark.
> >
> > --
> > Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
> > LiveCode: Everyone can create apps
> >
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription
> > preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > [hidden email]
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
If we could have our own LC App Store, where people could play an app with a player app on different platforms, it would be quite excellent.

At the very least, I think Apple would object.

Sent from my iPhone

> On Aug 11, 2017, at 10:09 AM, Roger Eller via use-livecode <[hidden email]> wrote:
>
> Several companies HAVE their own app stores.  Samsung is one that comes to
> mind.  http://joyofandroid.com/android-app-store-alternatives/
>
> ~Roger
>
>
> On Fri, Aug 11, 2017 at 10:00 AM, Jonathan Lynch via use-livecode <
> [hidden email]> wrote:
>
>> If Apple and Google allowed player apps that play external code, companies
>> could essentially set up their own app stores, bypassing google play and
>> iTunes.
>> I cannot imagine either company would appreciate that.
>>
>> Sent from my iPhone
>>
>>> On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <
>> [hidden email]> wrote:
>>>
>>> Mark,
>>>
>>> Thanks for weighing in. I would like to read into those licenses that I
>>> could update my core LCS, but I know in my soul that if I do that it's
>> just
>>> a shoe waiting to drop that could affect not only my license but the
>> entire
>>> LC community. I also feel that when I create an extra button(with stub
>> code)
>>> because a "data" update offers more options that I am staying within the
>>> guidelines and the spirit of the App/Play store rules. I see this as
>> simple
>>> decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
>>> says "no" because he did not eat "A" cookie but ate 3 cookies. I am not
>> a 2
>>> year old and know what these rules were intended to prevent.
>>>
>>> By the way, I was once rejected because my data update "answer" dialog
>> was
>>> worded as "An app update is available". I explained that it was a data
>>> update and not code and changed the verbiage of the dialog. I then passed
>>> the review. Moral: The review team can look VERY close at any app during
>>> review.
>>>
>>> As it was said in Goodfellows... At least, that's how I feel.
>>>
>>> Ralph DiMola
>>> IT Director
>>> Evergreen Information Services
>>> [hidden email]
>>>
>>>
>>> -----Original Message-----
>>> From: use-livecode [mailto:[hidden email]] On
>> Behalf
>>> Of Mark Waddingham via use-livecode
>>> Sent: Friday, August 11, 2017 7:24 AM
>>> To: How to use LiveCode
>>> Cc: Mark Waddingham
>>> Subject: Re: Mobile LC Apps Downloading Stacks After installation
>>>
>>>> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
>>>> I know the reviewers at app stores are not always careful, but
>>>> something like an LC player would surely get their notice.
>>>
>>> Review, from my understanding, is heavily automated (it has to be - if
>> you
>>> think of the scale of the App Stores these days). However, there is
>> always a
>>> means to get in contact with a human about specific issues (which can
>> take a
>>> while to get escalated with someone who can actually do something - but
>> at
>>> least it is possible).
>>>
>>>> They do allow us to import JS, but JS is way more sandboxed than LC.
>>>
>>> Yes - this is true - however, as I noticed this morning Apple no longer
>> have
>>> their advisory about allowing arbitrary JS to be downloaded and run
>> within a
>>> WebView. This is simply because you can could build a host app which
>> gives
>>> access to every single OS API on iOS and make all of them callable from
>> JS
>>> (even if the JS bundled with the app does not use any of it).
>>>
>>> So, the point is the language is not the point - what the code running in
>>> the language does is important.
>>>
>>> Like Google, Apple are wanting to know precisely what OS APIs your app is
>>> calling at the point of review - so they have some idea of the surface
>> area
>>> of attack for any malicious intent. How much analysis they currently do,
>>> no-one really knows - however the guidelines means that (in principal)
>> they
>>> have reasons to pull any apps very quickly if they find that they are
>> doing
>>> something which is 'not allowed'.
>>>
>>> Warmest Regards,
>>>
>>> Mark.
>>>
>>> --
>>> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
>>> LiveCode: Everyone can create apps
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription
>>> preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
Unless I read your post incorrectly, mark, "Do" works just fine, at least
for ad hoc apps, as well it better, because it is a critically important
part of trying to debug mobile apps at runtime, with some of the rather
annoying things that happen at runtime, like some failure in a script
causing that script to silently exit without any notice or message.  "Do"
lets me add the equivalent of the message box when I'm working on an app.
Before I realized that it worked, about half of the lines of code in any
app I wrote was related to debugging some issue or another.  The ability to
use "Do" means far fewer debugging builds and a lot less shaking my
monitor, cursing the runtime engine for being so unhelpful, and me for
choosing coding over septic technician.

The remote debugger is a great new tool to have in the toolbox, but "do" is
still the one that saves me when everything just stops.

The sideloading/bootstrapping capabilities in LC are a fantastic way to
work on corporate apps, force updates, and save everyone time and hassle.
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
I cannot quite see how people are prepared to go on buying Apple iPads when
there are such draconian restrictions as to what one can run on them.

While the Android "thing" may not be much better, at last one can
side-load almost anything one wants.

But, Like Richard Stallman, I suffer from the "horrible" belief that
once one has bought something
it belongs to you and you should not be told what you can and cannot do
with it.

OK, OK, I'm back off to the kitchen to carry on slicing vegetables with
a roll of toliet paper.

There is a whole world of difference between a set of actions one cannot
do because of the
physical limitations of a thing and a set of actions one is not allowed
to do because a bunch of people
in California want to carry on mucking you around even after they ahve
successfully manipulated you into buying their
over-priced product.

Currently trying to get my ASUS Intel Tablet  which runs Android to do a
few things I want it to, but Google [wouldn't Douglas Adams
have a fit of the dry boak?] do want me to do with it.

Richmond.

On 8/11/17 5:35 pm, Jonathan Lynch via use-livecode wrote:

> If we could have our own LC App Store, where people could play an app with a player app on different platforms, it would be quite excellent.
>
> At the very least, I think Apple would object.
>
> Sent from my iPhone
>
>> On Aug 11, 2017, at 10:09 AM, Roger Eller via use-livecode <[hidden email]> wrote:
>>
>> Several companies HAVE their own app stores.  Samsung is one that comes to
>> mind.  http://joyofandroid.com/android-app-store-alternatives/
>>
>> ~Roger
>>
>>
>> On Fri, Aug 11, 2017 at 10:00 AM, Jonathan Lynch via use-livecode <
>> [hidden email]> wrote:
>>
>>> If Apple and Google allowed player apps that play external code, companies
>>> could essentially set up their own app stores, bypassing google play and
>>> iTunes.
>>> I cannot imagine either company would appreciate that.
>>>
>>> Sent from my iPhone
>>>
>>>> On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <
>>> [hidden email]> wrote:
>>>> Mark,
>>>>
>>>> Thanks for weighing in. I would like to read into those licenses that I
>>>> could update my core LCS, but I know in my soul that if I do that it's
>>> just
>>>> a shoe waiting to drop that could affect not only my license but the
>>> entire
>>>> LC community. I also feel that when I create an extra button(with stub
>>> code)
>>>> because a "data" update offers more options that I am staying within the
>>>> guidelines and the spirit of the App/Play store rules. I see this as
>>> simple
>>>> decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
>>>> says "no" because he did not eat "A" cookie but ate 3 cookies. I am not
>>> a 2
>>>> year old and know what these rules were intended to prevent.
>>>>
>>>> By the way, I was once rejected because my data update "answer" dialog
>>> was
>>>> worded as "An app update is available". I explained that it was a data
>>>> update and not code and changed the verbiage of the dialog. I then passed
>>>> the review. Moral: The review team can look VERY close at any app during
>>>> review.
>>>>
>>>> As it was said in Goodfellows... At least, that's how I feel.
>>>>
>>>> Ralph DiMola
>>>> IT Director
>>>> Evergreen Information Services
>>>> [hidden email]
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: use-livecode [mailto:[hidden email]] On
>>> Behalf
>>>> Of Mark Waddingham via use-livecode
>>>> Sent: Friday, August 11, 2017 7:24 AM
>>>> To: How to use LiveCode
>>>> Cc: Mark Waddingham
>>>> Subject: Re: Mobile LC Apps Downloading Stacks After installation
>>>>
>>>>> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
>>>>> I know the reviewers at app stores are not always careful, but
>>>>> something like an LC player would surely get their notice.
>>>> Review, from my understanding, is heavily automated (it has to be - if
>>> you
>>>> think of the scale of the App Stores these days). However, there is
>>> always a
>>>> means to get in contact with a human about specific issues (which can
>>> take a
>>>> while to get escalated with someone who can actually do something - but
>>> at
>>>> least it is possible).
>>>>
>>>>> They do allow us to import JS, but JS is way more sandboxed than LC.
>>>> Yes - this is true - however, as I noticed this morning Apple no longer
>>> have
>>>> their advisory about allowing arbitrary JS to be downloaded and run
>>> within a
>>>> WebView. This is simply because you can could build a host app which
>>> gives
>>>> access to every single OS API on iOS and make all of them callable from
>>> JS
>>>> (even if the JS bundled with the app does not use any of it).
>>>>
>>>> So, the point is the language is not the point - what the code running in
>>>> the language does is important.
>>>>
>>>> Like Google, Apple are wanting to know precisely what OS APIs your app is
>>>> calling at the point of review - so they have some idea of the surface
>>> area
>>>> of attack for any malicious intent. How much analysis they currently do,
>>>> no-one really knows - however the guidelines means that (in principal)
>>> they
>>>> have reasons to pull any apps very quickly if they find that they are
>>> doing
>>>> something which is 'not allowed'.
>>>>
>>>> Warmest Regards,
>>>>
>>>> Mark.
>>>>
>>>> --
>>>> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
>>>> LiveCode: Everyone can create apps
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription
>>>> preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>
>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
On 2017-08-11 16:35, Mike Kerner via use-livecode wrote:
> Unless I read your post incorrectly, mark, "Do" works just fine, at
> least

Yes it does - the point I was making was that breaking the rules in the
App Store could end up with us having to restrict what the LiveCode
engine can do when being run in an App Store Installed environment to
ensure that we aren't blocked from said App Store. The blunt instrument
would be not allowing *any* dynamic code execution (which is essentially
what Apple *did* do for a while in 2010).

> The sideloading/bootstrapping capabilities in LC are a fantastic way to
> work on corporate apps, force updates, and save everyone time and
> hassle.

What happens inside corporations within the Enterprise schemes the App
Stores have is not the issue here. There you can do whatever you like -
within what the IT departments allow, at least.

This is the consumer facing App Store(s) which have these restrictions.
Primarily to protect people who don't want to have to understand all the
details of the risks involved with having hugely powerful computational
devices in their pockets which can download and run code provided by
(what are, in reality) very loosely vetted
organisations/businesses/individuals. Particularly when those
computational devices also tend to store their entire 'lives' (in terms
of personal details, financial details, contacts, etc.).

Warmest Regards,

Mark.

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
On 2017-08-11 16:44, Richmond Mathewson via use-livecode wrote:
> I cannot quite see how people are prepared to go on buying Apple iPads
> when
> there are such draconian restrictions as to what one can run on them.
>
> While the Android "thing" may not be much better, at last one can
> side-load almost anything one wants.

One can on iOS too - if you want to Jailbreak your device. Or, indeed,
if you have a Apple dev account (which I believe are now free until you
want to submit an app - someone please correct me if I'm wrong) you can
put on it whatever you like.

> There is a whole world of difference between a set of actions one
> cannot do because of the
> physical limitations of a thing and a set of actions one is not
> allowed to do because a bunch of people
> in California want to carry on mucking you around even after they ahve
> successfully manipulated you into buying their
> over-priced product.

That might be true - but as much as these restrictions *might* be
because the vendors 'want complete control of their walled garden to
scalp us for cash', I honestly do think it is much more about ensuring
these devices are *safe* for people to use in regards to all the very
critical information we tend to hold on our devices.

It is important to remember that the majority of people who use mobile
phones, tablets and computers use them like they do their car or washing
machine. They have little interest in how the thing works, just that it
does what they need to - does it well and does it safely.

Sure some people complain about seat-belts and speed limits but the
reality is that those *legally enforceable requirements* make the roads
a great deal safer for everyone.

Warmest Regards,

Mark.

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
On Fri, Aug 11, 2017 at 8:44 AM, Mark Waddingham via use-livecode <
[hidden email]> wrote:

>
>
> It is important to remember that the majority of people who use mobile
> phones, tablets and computers use them like they do their car or washing
> machine. They have little interest in how the thing works, just that it
> does what they need to - does it well and does it safely.
>

This.

Word processor, spreadsheet, browser, email, and a few games probably
covers 99% of users.

On a phone, many want their facetwit applications, too.

My interest in a smart phone ends at navigation, camera, and caller ID.
Oh, and enough voice control to place calls.

I'd be tempted to switch to an android (I actually had the original
gphone), but the privacy, hacks, and whathaveyou stop me.

Security and privacy *are* what I'm buying when I pay extra for an iOS
device.



--
Dr. Richard E. Hawkins, Esq.
(702) 508-8462
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
That's not what I'm saying.  What I'm saying is while telling everyone to
control themselves is good, removing these capabilities from LC is bad, so
if the time comes where it is necessary to do something to stop someone
from behaving badly, please make sure we have a switch in place that allows
the rest of us to continue as-is.

On Fri, Aug 11, 2017 at 11:31 AM, Mark Waddingham via use-livecode <
[hidden email]> wrote:

> On 2017-08-11 16:35, Mike Kerner via use-livecode wrote:
>
>> Unless I read your post incorrectly, mark, "Do" works just fine, at least
>>
>
> Yes it does - the point I was making was that breaking the rules in the
> App Store could end up with us having to restrict what the LiveCode engine
> can do when being run in an App Store Installed environment to ensure that
> we aren't blocked from said App Store. The blunt instrument would be not
> allowing *any* dynamic code execution (which is essentially what Apple
> *did* do for a while in 2010).
>
> The sideloading/bootstrapping capabilities in LC are a fantastic way to
>> work on corporate apps, force updates, and save everyone time and hassle.
>>
>
> What happens inside corporations within the Enterprise schemes the App
> Stores have is not the issue here. There you can do whatever you like -
> within what the IT departments allow, at least.
>
> This is the consumer facing App Store(s) which have these restrictions.
> Primarily to protect people who don't want to have to understand all the
> details of the risks involved with having hugely powerful computational
> devices in their pockets which can download and run code provided by (what
> are, in reality) very loosely vetted organisations/businesses/individuals.
> Particularly when those computational devices also tend to store their
> entire 'lives' (in terms of personal details, financial details, contacts,
> etc.).
>
>
> Warmest Regards,
>
> Mark.
>
> --
> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
On 2017-08-11 18:00, Mike Kerner via use-livecode wrote:
> That's not what I'm saying.  What I'm saying is while telling everyone
> to
> control themselves is good, removing these capabilities from LC is bad,
> so
> if the time comes where it is necessary to do something to stop someone
> from behaving badly, please make sure we have a switch in place that
> allows
> the rest of us to continue as-is.

Hence my comment about 'when being run from an App Store installed
environment'. It is easy to check if an App is running when installed
from an AppStore...

Indeed, you have to build such things using a 'distribution profile'
specific to the store - so any action would be at standalone-build time,
rather than anywhere else.

To be fair, I don't think it is likely to happen... However, unlikely
does not mean impossible!

Warmest Regards,

Mark.

P.S. I'd also rather not have to expend the resources doing it - there
are far better things we could be doing than figuring out ways to turn
dynamic features into static ones, or reworking stuff so the dynamic
features could be turned off. I much prefer the 'with great power comes
great responsibility' approach - i.e. trust!

--
Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
LiveCode: Everyone can create apps

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
In this case, the restrictions are to prevent malware from entering the app
stores, which hardly sounds Draconian to me. Even so, there have been a
handful of apps that made it through the vetting process and affected
dozens or hundreds of users. It's rare but it has happened.

--
Jacqueline Landman Gay         |     [hidden email]
HyperActive Software           |     http://www.hyperactivesw.com



On August 11, 2017 9:46:37 AM Richmond Mathewson via use-livecode
<[hidden email]> wrote:

> I cannot quite see how people are prepared to go on buying Apple iPads when
> there are such draconian restrictions as to what one can run on them.
>
> While the Android "thing" may not be much better, at last one can
> side-load almost anything one wants.
>
> But, Like Richard Stallman, I suffer from the "horrible" belief that
> once one has bought something
> it belongs to you and you should not be told what you can and cannot do
> with it.
>
> OK, OK, I'm back off to the kitchen to carry on slicing vegetables with
> a roll of toliet paper.
>
> There is a whole world of difference between a set of actions one cannot
> do because of the
> physical limitations of a thing and a set of actions one is not allowed
> to do because a bunch of people
> in California want to carry on mucking you around even after they ahve
> successfully manipulated you into buying their
> over-priced product.
>
> Currently trying to get my ASUS Intel Tablet  which runs Android to do a
> few things I want it to, but Google [wouldn't Douglas Adams
> have a fit of the dry boak?] do want me to do with it.
>
> Richmond.
>
> On 8/11/17 5:35 pm, Jonathan Lynch via use-livecode wrote:
>> If we could have our own LC App Store, where people could play an app with
>> a player app on different platforms, it would be quite excellent.
>>
>> At the very least, I think Apple would object.
>>
>> Sent from my iPhone
>>
>>> On Aug 11, 2017, at 10:09 AM, Roger Eller via use-livecode
>>> <[hidden email]> wrote:
>>>
>>> Several companies HAVE their own app stores.  Samsung is one that comes to
>>> mind.  http://joyofandroid.com/android-app-store-alternatives/
>>>
>>> ~Roger
>>>
>>>
>>> On Fri, Aug 11, 2017 at 10:00 AM, Jonathan Lynch via use-livecode <
>>> [hidden email]> wrote:
>>>
>>>> If Apple and Google allowed player apps that play external code, companies
>>>> could essentially set up their own app stores, bypassing google play and
>>>> iTunes.
>>>> I cannot imagine either company would appreciate that.
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <
>>>> [hidden email]> wrote:
>>>>> Mark,
>>>>>
>>>>> Thanks for weighing in. I would like to read into those licenses that I
>>>>> could update my core LCS, but I know in my soul that if I do that it's
>>>> just
>>>>> a shoe waiting to drop that could affect not only my license but the
>>>> entire
>>>>> LC community. I also feel that when I create an extra button(with stub
>>>> code)
>>>>> because a "data" update offers more options that I am staying within the
>>>>> guidelines and the spirit of the App/Play store rules. I see this as
>>>> simple
>>>>> decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
>>>>> says "no" because he did not eat "A" cookie but ate 3 cookies. I am not
>>>> a 2
>>>>> year old and know what these rules were intended to prevent.
>>>>>
>>>>> By the way, I was once rejected because my data update "answer" dialog
>>>> was
>>>>> worded as "An app update is available". I explained that it was a data
>>>>> update and not code and changed the verbiage of the dialog. I then passed
>>>>> the review. Moral: The review team can look VERY close at any app during
>>>>> review.
>>>>>
>>>>> As it was said in Goodfellows... At least, that's how I feel.
>>>>>
>>>>> Ralph DiMola
>>>>> IT Director
>>>>> Evergreen Information Services
>>>>> [hidden email]
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: use-livecode [mailto:[hidden email]] On
>>>> Behalf
>>>>> Of Mark Waddingham via use-livecode
>>>>> Sent: Friday, August 11, 2017 7:24 AM
>>>>> To: How to use LiveCode
>>>>> Cc: Mark Waddingham
>>>>> Subject: Re: Mobile LC Apps Downloading Stacks After installation
>>>>>
>>>>>> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
>>>>>> I know the reviewers at app stores are not always careful, but
>>>>>> something like an LC player would surely get their notice.
>>>>> Review, from my understanding, is heavily automated (it has to be - if
>>>> you
>>>>> think of the scale of the App Stores these days). However, there is
>>>> always a
>>>>> means to get in contact with a human about specific issues (which can
>>>> take a
>>>>> while to get escalated with someone who can actually do something - but
>>>> at
>>>>> least it is possible).
>>>>>
>>>>>> They do allow us to import JS, but JS is way more sandboxed than LC.
>>>>> Yes - this is true - however, as I noticed this morning Apple no longer
>>>> have
>>>>> their advisory about allowing arbitrary JS to be downloaded and run
>>>> within a
>>>>> WebView. This is simply because you can could build a host app which
>>>> gives
>>>>> access to every single OS API on iOS and make all of them callable from
>>>> JS
>>>>> (even if the JS bundled with the app does not use any of it).
>>>>>
>>>>> So, the point is the language is not the point - what the code running in
>>>>> the language does is important.
>>>>>
>>>>> Like Google, Apple are wanting to know precisely what OS APIs your app is
>>>>> calling at the point of review - so they have some idea of the surface
>>>> area
>>>>> of attack for any malicious intent. How much analysis they currently do,
>>>>> no-one really knows - however the guidelines means that (in principal)
>>>> they
>>>>> have reasons to pull any apps very quickly if they find that they are
>>>> doing
>>>>> something which is 'not allowed'.
>>>>>
>>>>> Warmest Regards,
>>>>>
>>>>> Mark.
>>>>>
>>>>> --
>>>>> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
>>>>> LiveCode: Everyone can create apps
>>>>>
>>>>> _______________________________________________
>>>>> use-livecode mailing list
>>>>> [hidden email]
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription
>>>>> preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> use-livecode mailing list
>>>>> [hidden email]
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode



_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
It seems that this is another reason to use LC's HTML5 deployment.

Since external javascript is permitted, one could do the "sideloading" by accessing a website created with LC.

It would just be an LC HTML5 app displayed inside of a browser widget.

Of course, it would be easy to abuse this by adding in function calls to LC on the mobile device, so we would need to be careful.

In Augmented Earth, reports can have ads added to them. The report, with the ad, is displayed through a browser widget. This will allow advertisers to place high-quality ads, which they will love.

However, nothing in the app would give them access to extra system calls. It is still sandboxed, but only by choice.

So, that great power thing still applies - and thanks to the great Stan Lee for that meme!

Sent from my iPhone

> On Aug 11, 2017, at 12:20 PM, J. Landman Gay via use-livecode <[hidden email]> wrote:
>
> In this case, the restrictions are to prevent malware from entering the app stores, which hardly sounds Draconian to me. Even so, there have been a handful of apps that made it through the vetting process and affected dozens or hundreds of users. It's rare but it has happened.
>
> --
> Jacqueline Landman Gay         |     [hidden email]
> HyperActive Software           |     http://www.hyperactivesw.com
>
>
>
>> On August 11, 2017 9:46:37 AM Richmond Mathewson via use-livecode <[hidden email]> wrote:
>>
>> I cannot quite see how people are prepared to go on buying Apple iPads when
>> there are such draconian restrictions as to what one can run on them.
>>
>> While the Android "thing" may not be much better, at last one can
>> side-load almost anything one wants.
>>
>> But, Like Richard Stallman, I suffer from the "horrible" belief that
>> once one has bought something
>> it belongs to you and you should not be told what you can and cannot do
>> with it.
>>
>> OK, OK, I'm back off to the kitchen to carry on slicing vegetables with
>> a roll of toliet paper.
>>
>> There is a whole world of difference between a set of actions one cannot
>> do because of the
>> physical limitations of a thing and a set of actions one is not allowed
>> to do because a bunch of people
>> in California want to carry on mucking you around even after they ahve
>> successfully manipulated you into buying their
>> over-priced product.
>>
>> Currently trying to get my ASUS Intel Tablet  which runs Android to do a
>> few things I want it to, but Google [wouldn't Douglas Adams
>> have a fit of the dry boak?] do want me to do with it.
>>
>> Richmond.
>>
>>> On 8/11/17 5:35 pm, Jonathan Lynch via use-livecode wrote:
>>> If we could have our own LC App Store, where people could play an app with a player app on different platforms, it would be quite excellent.
>>>
>>> At the very least, I think Apple would object.
>>>
>>> Sent from my iPhone
>>>
>>>> On Aug 11, 2017, at 10:09 AM, Roger Eller via use-livecode <[hidden email]> wrote:
>>>>
>>>> Several companies HAVE their own app stores.  Samsung is one that comes to
>>>> mind.  http://joyofandroid.com/android-app-store-alternatives/
>>>>
>>>> ~Roger
>>>>
>>>>
>>>> On Fri, Aug 11, 2017 at 10:00 AM, Jonathan Lynch via use-livecode <
>>>> [hidden email]> wrote:
>>>>
>>>>> If Apple and Google allowed player apps that play external code, companies
>>>>> could essentially set up their own app stores, bypassing google play and
>>>>> iTunes.
>>>>> I cannot imagine either company would appreciate that.
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>>> On Aug 11, 2017, at 9:52 AM, Ralph DiMola via use-livecode <
>>>>> [hidden email]> wrote:
>>>>>> Mark,
>>>>>>
>>>>>> Thanks for weighing in. I would like to read into those licenses that I
>>>>>> could update my core LCS, but I know in my soul that if I do that it's
>>>>> just
>>>>>> a shoe waiting to drop that could affect not only my license but the
>>>>> entire
>>>>>> LC community. I also feel that when I create an extra button(with stub
>>>>> code)
>>>>>> because a "data" update offers more options that I am staying within the
>>>>>> guidelines and the spirit of the App/Play store rules. I see this as
>>>>> simple
>>>>>> decision. I call it the "Johnny, did you eat a cookie?" scenario. Johnny
>>>>>> says "no" because he did not eat "A" cookie but ate 3 cookies. I am not
>>>>> a 2
>>>>>> year old and know what these rules were intended to prevent.
>>>>>>
>>>>>> By the way, I was once rejected because my data update "answer" dialog
>>>>> was
>>>>>> worded as "An app update is available". I explained that it was a data
>>>>>> update and not code and changed the verbiage of the dialog. I then passed
>>>>>> the review. Moral: The review team can look VERY close at any app during
>>>>>> review.
>>>>>>
>>>>>> As it was said in Goodfellows... At least, that's how I feel.
>>>>>>
>>>>>> Ralph DiMola
>>>>>> IT Director
>>>>>> Evergreen Information Services
>>>>>> [hidden email]
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: use-livecode [mailto:[hidden email]] On
>>>>> Behalf
>>>>>> Of Mark Waddingham via use-livecode
>>>>>> Sent: Friday, August 11, 2017 7:24 AM
>>>>>> To: How to use LiveCode
>>>>>> Cc: Mark Waddingham
>>>>>> Subject: Re: Mobile LC Apps Downloading Stacks After installation
>>>>>>
>>>>>>> On 2017-08-11 12:20, Jonathan Lynch via use-livecode wrote:
>>>>>>> I know the reviewers at app stores are not always careful, but
>>>>>>> something like an LC player would surely get their notice.
>>>>>> Review, from my understanding, is heavily automated (it has to be - if
>>>>> you
>>>>>> think of the scale of the App Stores these days). However, there is
>>>>> always a
>>>>>> means to get in contact with a human about specific issues (which can
>>>>> take a
>>>>>> while to get escalated with someone who can actually do something - but
>>>>> at
>>>>>> least it is possible).
>>>>>>
>>>>>>> They do allow us to import JS, but JS is way more sandboxed than LC.
>>>>>> Yes - this is true - however, as I noticed this morning Apple no longer
>>>>> have
>>>>>> their advisory about allowing arbitrary JS to be downloaded and run
>>>>> within a
>>>>>> WebView. This is simply because you can could build a host app which
>>>>> gives
>>>>>> access to every single OS API on iOS and make all of them callable from
>>>>> JS
>>>>>> (even if the JS bundled with the app does not use any of it).
>>>>>>
>>>>>> So, the point is the language is not the point - what the code running in
>>>>>> the language does is important.
>>>>>>
>>>>>> Like Google, Apple are wanting to know precisely what OS APIs your app is
>>>>>> calling at the point of review - so they have some idea of the surface
>>>>> area
>>>>>> of attack for any malicious intent. How much analysis they currently do,
>>>>>> no-one really knows - however the guidelines means that (in principal)
>>>>> they
>>>>>> have reasons to pull any apps very quickly if they find that they are
>>>>> doing
>>>>>> something which is 'not allowed'.
>>>>>>
>>>>>> Warmest Regards,
>>>>>>
>>>>>> Mark.
>>>>>>
>>>>>> --
>>>>>> Mark Waddingham ~ [hidden email] ~ http://www.livecode.com/
>>>>>> LiveCode: Everyone can create apps
>>>>>>
>>>>>> _______________________________________________
>>>>>> use-livecode mailing list
>>>>>> [hidden email]
>>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription
>>>>>> preferences:
>>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> use-livecode mailing list
>>>>>> [hidden email]
>>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>> _______________________________________________
>>>>> use-livecode mailing list
>>>>> [hidden email]
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> [hidden email]
>>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode

Richmond:

 > I cannot quite see how people are prepared to go on buying
 > Apple iPads when there are such draconian restrictions as to
 > what one can run on them.

 > While the Android "thing" may not be much better, at last one
 > can side-load almost anything one wants.

 > But, Like Richard Stallman, I suffer from the "horrible" belief
 > that once one has bought something it belongs to you and you
 > should not be told what you can and cannot do with it.

Richmond, this may be rare but I'm 100% in agreement with you! My
device, my management. I don't have the right to do something illegal or
endanger others, but otherwise, I call the shots.

Safer? Ha! I can assure everyone that at least in the U.S., your own
confidential information is fairly likely to be transmitted insecurely
even by professions, regardless of which phone or computer they are
using. I've seen it again and again - social security numbers, sensitive
records, photo ID, banking and financial, the works. Dumbing things
down, the resulting ignorance and complacency hasn't helped. I'm not
even getting into other long-term implications of recent technology trends.

For virus and malware in particular, yes. But that type of safety could
be achieved in other specific ways. This system is primarily about
control - a lot of it is financial, some perhaps even ideological.
Safety is also a big component of the system, but not the defining one.

Best wishes,

Curry Kenworthy

Custom Software Development
http://curryk.com/consulting/


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
In reply to this post by ** Clarence P Martin ** via use-livecode
Well, I always drive below the speed limit and I always wear a seatbelt
(and have always done so whether or not it was
a legal requirement in the country I happened to be living in at the time).

This is not quite the same as keeping goats and hens in the back of your
car (which was not illegal last time I looked).

While keeping goats and hens in the car may prove extremely smelly it
cannot be said to be unsafe
(unless one wants to drive the car with a nanny goat sitting on one's lap).

Now putting a LiveCode standalone onto an iPad that does thing that
Apple doesn't like isn't always the same thing as putting things onto an
iPad that is unsafe.

I'm absolutely sure that an awful lot of the creative potential of
tablets is being lost because of unnecessary restrictions.

On 8/11/17 6:44 pm, Mark Waddingham via use-livecode wrote:

> On 2017-08-11 16:44, Richmond Mathewson via use-livecode wrote:
>> I cannot quite see how people are prepared to go on buying Apple
>> iPads when
>> there are such draconian restrictions as to what one can run on them.
>>
>> While the Android "thing" may not be much better, at last one can
>> side-load almost anything one wants.
>
> One can on iOS too - if you want to Jailbreak your device. Or, indeed,
> if you have a Apple dev account (which I believe are now free until
> you want to submit an app - someone please correct me if I'm wrong)
> you can put on it whatever you like.
>
>> There is a whole world of difference between a set of actions one
>> cannot do because of the
>> physical limitations of a thing and a set of actions one is not
>> allowed to do because a bunch of people
>> in California want to carry on mucking you around even after they ahve
>> successfully manipulated you into buying their
>> over-priced product.
>
> That might be true - but as much as these restrictions *might* be
> because the vendors 'want complete control of their walled garden to
> scalp us for cash', I honestly do think it is much more about ensuring
> these devices are *safe* for people to use in regards to all the very
> critical information we tend to hold on our devices.

I don't see that, so much as the possibility that Apple and Google are
scalping developers for cash;
and even that does not make much sense as they could still "scalp" if
the restrictions were not so tight.

I don't think the developers of these machines or their operating
systems are worried that much about
the end-users' safety; surely they are more interested in keeping their
shareholders happy.

>
> It is important to remember that the majority of people who use mobile
> phones, tablets and computers use them like they do their car or
> washing machine. They have little interest in how the thing works,
> just that it does what they need to - does it well and does it safely.

Yes, I am sure you are right. But, by imposing these restrictions they
do not give the end-user a choice; and a world in which choice seems to
be increasingly restricted is not good.

It would seem that the use of over-regulation and over-restriction is a
way of dodging the very heavy moral responsibility of teaching people to
make sensible decisions.
>
> Sure some people complain about seat-belts and speed limits but the
> reality is that those *legally enforceable requirements* make the
> roads a great deal safer for everyone.
>
> Warmest Regards,

Not half as warm as over here in Bulgaria; hit 43 Centigrade today!
>
> Mark.
>

Best, Richmond.

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [OT] Draconian computer company policies, was: Mobile LC Apps Downloading Stacks After installation

** Clarence P Martin ** via use-livecode
If we buy an iPad, we are buying both the device and the services that go with it. To use a service, like iTunes, we are agreeing to operate by their rules.

It seems acceptable for Apple to impose restrictions on use of their device and their services simply because people have the choice to agree to those terms or not. We are not forced to buy it.

Basically, I don't complain about a closed ecosystem since I elected to partake of that system, especially since we have alternatives.

Sent from my iPhone

> On Aug 11, 2017, at 12:54 PM, Richmond Mathewson via use-livecode <[hidden email]> wrote:
>
> Well, I always drive below the speed limit and I always wear a seatbelt (and have always done so whether or not it was
> a legal requirement in the country I happened to be living in at the time).
>
> This is not quite the same as keeping goats and hens in the back of your car (which was not illegal last time I looked).
>
> While keeping goats and hens in the car may prove extremely smelly it cannot be said to be unsafe
> (unless one wants to drive the car with a nanny goat sitting on one's lap).
>
> Now putting a LiveCode standalone onto an iPad that does thing that Apple doesn't like isn't always the same thing as putting things onto an iPad that is unsafe.
>
> I'm absolutely sure that an awful lot of the creative potential of tablets is being lost because of unnecessary restrictions.
>
>> On 8/11/17 6:44 pm, Mark Waddingham via use-livecode wrote:
>>> On 2017-08-11 16:44, Richmond Mathewson via use-livecode wrote:
>>> I cannot quite see how people are prepared to go on buying Apple iPads when
>>> there are such draconian restrictions as to what one can run on them.
>>>
>>> While the Android "thing" may not be much better, at last one can
>>> side-load almost anything one wants.
>>
>> One can on iOS too - if you want to Jailbreak your device. Or, indeed, if you have a Apple dev account (which I believe are now free until you want to submit an app - someone please correct me if I'm wrong) you can put on it whatever you like.
>>
>>> There is a whole world of difference between a set of actions one
>>> cannot do because of the
>>> physical limitations of a thing and a set of actions one is not
>>> allowed to do because a bunch of people
>>> in California want to carry on mucking you around even after they ahve
>>> successfully manipulated you into buying their
>>> over-priced product.
>>
>> That might be true - but as much as these restrictions *might* be because the vendors 'want complete control of their walled garden to scalp us for cash', I honestly do think it is much more about ensuring these devices are *safe* for people to use in regards to all the very critical information we tend to hold on our devices.
>
> I don't see that, so much as the possibility that Apple and Google are scalping developers for cash;
> and even that does not make much sense as they could still "scalp" if the restrictions were not so tight.
>
> I don't think the developers of these machines or their operating systems are worried that much about
> the end-users' safety; surely they are more interested in keeping their shareholders happy.
>
>>
>> It is important to remember that the majority of people who use mobile phones, tablets and computers use them like they do their car or washing machine. They have little interest in how the thing works, just that it does what they need to - does it well and does it safely.
>
> Yes, I am sure you are right. But, by imposing these restrictions they do not give the end-user a choice; and a world in which choice seems to be increasingly restricted is not good.
>
> It would seem that the use of over-regulation and over-restriction is a way of dodging the very heavy moral responsibility of teaching people to
> make sensible decisions.
>>
>> Sure some people complain about seat-belts and speed limits but the reality is that those *legally enforceable requirements* make the roads a great deal safer for everyone.
>>
>> Warmest Regards,
>
> Not half as warm as over here in Bulgaria; hit 43 Centigrade today!
>>
>> Mark.
>>
>
> Best, Richmond.
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
12
Loading...