Hi! My name is Cédric Bozzi, I make websites and iOS apps, and this is my blog about technology (mostly a Twitter archive, really).

3 July 2009

I think my iPhone’s battery status indicator has become completely unreliable since 3.0.

“Apple patching critical SMS vulnerability in iPhone OS”

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. […]

The iPhone can be instructed to execute SMS data as code instead of text, and when it executes the code it does so with root privileges and without any interaction from the user.

Wow. That’s completely unacceptable — unlike a browser vulnerability (where you can switch browsers or at least avoid shady websites), or even a port that’s open to probing on Windows (where you can hide behind a router), there is absolutely no workaround for that kind of thing, short of removing the SIM card and turning your iPhone into an iPod touch. How in hell does an iPhone end up running SMS data as root-level code?

(I’d rather the article had an official Apple quote, but I’ll assume a security researcher wouldn’t burn themselves by bragging about such a thing without grounds.)

4 July

“Email Full-Resolution Photos From the iPhone”

If you use copy-and-paste instead of the “Email Photo” button in the Camera app, you can email the full-resolution version of the photo.

That’s… just weird.

“Kinetic Road Plates - Green power from the parking lot”

Kinetic road plates will soon power checkouts at a Sainsbury supermarket in Gloucester in the UK. Each time a vehicle drives over the plates in the parking lot, kinetic energy is converted into electricity and transferred back into the store.

Not new, but I just realized: you can’t call “green” something that produces energy by increasing the gas consumption of each car that goes through the parking lot, however infinitesimally.

6 July

Wikipedia: CompuServe

The original CompuServe user IDs consisted of seven octal digits in the form 7xxxx,xx - a legacy of PDP-10 architecture

Ooh. You know what? If you’re going to give your users a numeric ID, octal makes great sense — you only lose two numbers, and it’s computationally much cheaper to convert from the ID string to octal than to a binary representation of decimal.

(Also, I’m frustrated I can’t remember what my CompuServe ID was.)

“iPhone 3GS oleophobic coating wearing off prematurely?”

While we have yet to see a second report of such extreme wear in such a short time, iLounge editors have found previous products with oleophobic coating—such as sunglasses—to be problematic, with the coating coming off with as little as contact with certain types of water.

I half-expected that. An oleophobic coating sounds like something that ought to be hard to make stick to a pane of glass.

7 July

Web is Pink on the iPhone App Store

I’ve waited so long for this moment, I’ve gotten so used to the idea that the app would never be approved for the App Store, that I now have no idea what to do next.

It’s unbelievable, but here it is: Apple has finally approved the Web is Pink app, which gives you direct access to, like, the best gay chat ever, right there on your iPhone.

It’s free, you don’t need an e-mail address to sign up from the app, it uses your phone’s geolocation capabilities to show who’s nearby, it’s connected with the awesome regular version of the site, it lets you upload photos and everything you need, and did I mention it’s the best gay chat in the world?

Click here to download (iTunes link, requires OS 3.0), or here for more information.

8 July

Oh, blow me. 1Password has been updated, and I have to RE-hack it to enable the Camino plug-in.

10 July

“Devspeak: iPhone 3G vs iPhone 3GS”

To take full advantage of the new capabilities of the 3GS, [EA Mobile’s] development teams will create an additional version specifically for it. […] Sega will offer products tailored specifically for each phone, although only on select titles.

According to the SDK, you’re not supposed to make “additional versions” for the 3GS, but simply use the processing and graphical power in your app if it’s available. Yet you can bet that you’ll have to buy all your games again when you switch from the 3G to the 3GS — and be prepared to pay a premium for those versions, too.

The developer had to use a more powerful OpenGL model and didn’t compress the textures as much? Geez, that’s worth at least 25% more money!

12 July

Unicode for iPhone

Remember Glyphboard? Unicode is the same, but as a native app: tap a symbol, from the several pages offered, and it’s immediately copied to the clipboard — in just one step. Or tap several symbols, then press the “Copy” button, if you want to copy and paste several at once.

A future update will let users paste symbols from outside the app into the favorites pane — mostly as a workaround for the Apple logo that I removed at the last minute because there’s no way the App Store would have accepted it (but then, the Apple logo isn’t a valid Unicode symbol anyway, so you shouldn’t really use it).

The app is very temporarily free, so you should just hurry and download and rate it with five stars.

iTunes download.

More information.

Contacted most iPhone or tech blogs. I feel dirty. But it’s either that or more literal panhandling.

I can’t believe the latest fashion is to have both “RT” and “via” in the same message.

RT To be or not to be, that is the question (via @shakespeare)

15 July

Oh, wow. The Google Maps JavaScript API v.3 works quite impressively on the iPhone.

16 July

Oh, blow me. Nimbuzz has a Mac client, and it’s Intel-only.

“Official Google Reader Blog: Following, liking and people searching”

Instead of sharing your items with others and hoping they reciprocate, you can now find people with public shared items and subscribe to their shared items with one click.

Took them long enough.

I’m not a fan of the way they implemented “like,” however — having one line saying “100+ people liked this” on all articles, with a bunch of white space above and below, is nothing but an annoying waste of real estate.

17 July

“No promo codes for apps rated 17+”

As it stands, neither the 3.0 software nor iTunes display parental warnings when using a promo code to purchase apps with a mature (17+) rating, so Apple has made the promo code functionality unavailable for apps that fall into that category.

God, that’s ridiculous.

Wonder if someone’s pattern of “dskflmskdfmlskflmk” over a long-enough length could be used to identify them reliably.

Disabling Google Reader’s “Like” Feature With CSS

But I don’t want to disable “Like” (I like it on Facebook). I just want it to be a little more intelligent and only show up when it’s about my contacts, and not strangers.

19 July

“The Anatomy Of The Twitter Attack”

Gmail informed him that an email had been sent to the user’s secondary email account. […] This is the point where the chain of trust broke down, as the attacker discovered that the account specified as a secondary for Gmail, and hosted at Hotmail was no longer active.

Damn Hotmail and its 1990s-style expiring addresses. Be careful where you’ve used them. (I never know whether they still expire nowadays, but do you remember what secondary address you’ve used, years ago, to sign up for Gmail?)

20 July

“DiggBar Commits Career Suicide, Starts Redirecting Users To Digg Homepage”

This is weird. They already had to change a couple things at launch because of the users’ reaction; a few months later, they’re doing much worse. What the hell did they expect?

23 July

Huh, is there an epidemic of FriendFeed sign-ups in France?

Freed 11GB on my Mini so I could buy the In Treatment DVDs. Can’t wait to find out what essential apps I’ve broken.

Fine, I give up. I’m removing my non-personal accounts from Tweetie and setting them up in a third client.

Wow, I don’t like the new layout on Get Satisfaction at all.

“Not Happy With Your Facebook Username? You Can Now Change It”

It now appears that Facebook has updated their policy, perhaps after being inundated with requests to change poor name choices, or maybe just because registrations have slowed to a more manageable pace and they intended to add the option all along.

I certainly hope Facebook isn’t that stupid, and it’s the latter.

Facebook is still imposing some limitations, alerting you that “You can only change your username once”

Huh. So much for that.

24 July

“Google Latitude Comes To The iPhone.”

After we developed a Latitude application for the iPhone, Apple requested we release Latitude as a web application in order to avoid confusion with Maps on the iPhone, which uses Google to serve maps tiles.

Oh God, you’re kidding? Well, goes to show that being Apple’s biggest partner doesn’t buy you a reasonable review process from the App Store people. (What puzzles me is that Google ended up presenting the Latitude web app at an Apple keynote anyway. I guess profit trumps retaliation.)

As for Latitude itself, I’m disappointed by the interface. Other than the new JavaScript Maps, which I already knew to be awesome (because I use it), the navigation is awkward and gets in its own way.

“How Palm Re-Enabled iTunes Sync”

my 1.1 Pre [is] identifying itself with an Apple USB Vendor ID:

Product ID: 0x8002

Vendor ID: 0x05ac (Apple Inc.)

Version: 0.16

Manufacturer: Palm Inc.

I find it very interesting — and clever — that they deliberately leave some identifying stuff out so that they can drag this back-and-forth as long as they can: the next iTunes update will recognize the “Manufacturer: Palm” part, and the next webOS update will change it. You can be sure that version of the webOS is even already developed, and locked away in a safe.

Don’t know how they intend to win in the long run, but they’re buying time quite efficiently.

“Flash security vulnerability exploited in PDFs”

When Adobe released Acrobat 9 last year, the company introduced support for embedding Flash media in PDF files. This feature is now being used by attackers who are exploiting a new vulnerability in Adobe’s Flash media plugin. The vulnerability allows remote code execution, making it a potential vector for malware deployment.

Urgh. Kill Acrobat dead already.

25 July

Birthday parties at the Microsoft Store? Are you quite mad?

28 July

“Nicholson Baker on the Kindle”

This was what they were calling e-paper? This four-by-five window onto an overcast afternoon? Where was paper white, or paper cream? Forget RGB or CMYK. Where were sharp black letters laid out like lacquered chopsticks on a clean tablecloth?

Like Baker, I prefer reading Kindle books on my iPhone.

It’s interesting that engineers have been struggling with e-paper technology for a decade, and Apple might just be about to wipe out e-book readers with a good old backlit color screen.

“Your cure for iTunes Connect.” That’s a slogan that resonates.
