[News] So, every Substrate extension compiled with the broken fork of Theos from @hbkirb needs to be recompiled without https://t.co/PY53ltoK7x. :/

saurik · 3日前

You seem to have a very flawed model of who is involved in what ways. It is actually generally my responsibility to be the bullhorn to warn users that there is a massive problem in a large number of Substrate extensions; it is important that users know when there are tons of extensions with some random bug. It absolutely falls on my shoulders to tell the massive community of developers, many of whom are using Theos because documentation SaurikIT has helped maintain or that SaurikIT explicitly wrote, tells people to use Theos. This is an issue that affects everyone in the jailbreak community, and isn't something the developers of this specific, very recent fork of Theos (which is why it is so important to explain that it is Kirby's fork; a lot of people are still using forks from other developers, whether or not you want to argue that less than two months ago his fork got semi-blessed due mostly to everyone who used to work on it no longer caring enough) could coordinate explaining to people even if they wanted to: they just don't have the reach. It makes no sense that I am seriously having to defend warning people of an ecosystem-level bug.

saurik · 3日前

FWIW, I do. He has gone out of his way on a public medium to make sure everyone knows he is working on something, and then to keep everyone in suspense as to when and how it will be done. He provides minimal details, so as to keep everyone in a perpetual state of "is this even for real"? And, all the while, he complains about the attention and reacts to even non-entitled questions with blocks and curses.

Can you imagine planetbeing, comex, or anyone from Pangu just out right telling someone "fuck. off." when asked, seemingly quite politely, if they should upgrade to 9.3 or wait on 9.2? Or saying to the world stuff like "do not cold tweet me about jailbreak shit. fuck off" as a reaction to receiving large numbers of messages asking questions about work they purposely told the entire world about? I can't.

saurik · 3日前

FWIW, if there is any issue in the jailbreak on that specific device (and there are tons of reasons that the jaipbreak might have a minor glitch on a different piece of hardware), releasing now could decrease the amount of time he has to fix the problem.

Though, given that people are anticipating a rapid 9.3.1 release anyway, it isn't clear that matters unless he imagines a high probability of just not releasing anything if he runs into a problem and waiting for some subsequent event, in which case he really should just not be taunting people with a release like this... I dunno.

saurik · 3日前

I have no way of knowing if he has nothing: I have no clue who he is; but Luca seemed to be vouching for him, which provides more information than my "dunno". But please don't include me in the list of "reasons why he isn't fake": if it were entirely up to me, I would definitely say "we shouldn't bother talking about jailbreak rumors".

saurik · 3日前

FWIW, people on other threads were saying that he contacted me as a reason why he was legitimate when all he had done was (finally) send me a message, before he had actually gotten a response.

saurik · 3日前

I do, actually: the code generated by "Logos" (the distinction here with Theos is kind of irrelevant given that Logos is a sub-project of Theos at this point, and just makes things more confusing to talk about with random people...) really needs to be a lightweight generator for Substrate. It needs to not be adding random (yes: "random") functionality that compiles new API dependencies directly into the target binaries. The entire reason Substrate exists as a library with an API for something so seemingly simple as swapping out a method on an Objective-C class is to make certain we can centrally fix issues as they arise and not recompile all extensions. This has been valuable on multiple occasions, and one of those was specifically related to this API (class_getInstanceMethod), which we have known is not usable in this context for the past four years.

But like, when we first started using it (in both Substrate itself and in Ryan's "internal" generator, which is itself a horrible idea :/) that API was fine: Apple changed its functionality out from underneath us, and in so doing broke all extensions. I was able to fix Substrate centrally. Ryan had to recompile all his extensions (which was OK when the only person doing that was Ryan, as he was even he person who often first noticed these corner case bugs ;P). Whether or not you think you know how an API works or what the side effects and ramifications of its use are, it isn't OK to be compiling these extra dependencies into peoples' binaries. If there is critical functionality, we should fix it in Substrate. If it is just random functionality (especially something that would require an API change for almost no benefit), we should do better without.

saurik · 3日前

Define "delivery method". I was talking to users and developers (of people who were not working on Theos itself). I was neither trying to contact developers of Theos nor was I complaining that developers of Theos had not responded (as was the case with @enMTW). I had, in fact, already been talking with a developer of Theos. An interactive conversation.

saurik · 4日前

The symptom was first discovered by /u/angelXwind. I worked with her to find out the underlying problem (which I noticed immediately upon seeing the output from the generator, as this is a mistake that has been well-understood for over four years). She said to me "for the time being i'm going to push my changes", which is something she can do as she's one of the people who has a commit bit on this fork of Theos; and it was immediately after she said that that I posted a PSA tweet to everyone else to make certain they knew about the problem: this affects users and cannot be fixed centrally; to the extent to which this is causing problems, it requires everyone else to recompile their software with a working version of Theos (which may or may not come from this repository). It was then within minutes after I posted the Tweet that the fixed version had been committed. No: I didn't file an issue; I was working directly with a developer who could immediately address the problem, at the request of that same developer. There would be absolutely no value at that point in also filing an issue: that would be a waste of everyone's time given that the fix would already have been committed by the time I finished typing the issue, and it wouldn't make any of the everyone who is affected by this issue know that there is a problem and that the compiled binaries are broken.

saurik · 4日前

OK, this is actually accidentally insulting despite effectively coming to a correct conclusion. Cutting to the chase: I have developed multiple extremely well-used and in one case "de facto standard" tools used to jailbreak Android devices. (I even have my own implementation of the Linux futex_requeue exploit, which is not only a really difficult exploit to pull off at all but I explained the way mine works to geohot and he found it impressive as I'd figured out a better way to exploit it than he had.)

I give talks at conferences on how exploits work, something I also teach occasionally to the Computer Science classes at the College of Creative Studies (where I am an awkward form of adjunct faculty). I wrote the first decompiler for .NET, a tool which was even used by people at Microsoft to do tests of some of their compilers for a while, so I definitely have a background in overall reverse engineering work, and I've worked on reverse engineering tools for native software as well.

Substrate itself actually requires an extreme level of knowledge of ARM, as does (I'd hope obviously) working on a compiler, which is one of the first things I did for the iOS community: I fixed up and ended up taking over (when the original developers "saw their out", made me an administrator, and none of us ever heard from them again) the alternative iOS toolchain project. A lot of the stuff I work on for this community is the low-level stuff that you are claiming is over my head.

The way in which you are likely correct, though, is that building jailbreaks is like panning for gold, and doing end-to-end exploits on iOS is extremely complex work. I was involved in an implementation of a full jailbreak for iOS 7, and as a single person I really can't do all of that and everything else; and while things are actually easier now due to Xcode 7, it is also much harder due to the kernel mitigations (like, the real issue here is that jailbreaking is too hard for everyone).

Even if I could pull all of this off myself, I probably would not want to, as all of the people I really liked in this community have left, and the people who are bothering to remain (which is kind of the correct wording: there is a lot less direct reason to jailbreak devices, at least in the United States) are increasingly argumentative. I am actively trying to find other things to do with my life. So, really: the premise is flawed; instead of asking "could", you need to ask the question "would".

(cc: /u/Shiningtoaster)

saurik · 4日前

You have to look at this from the perspective of the community as a whole, not the perspective of a single developer. We have no clue how many extensions are broken in what configurations for how many people, and if Apple decides to make more changes to this method going forward we will have a massive obsolete fleet of software with this mistake looming. Theos really needs to not shift random functionality into the generated code, especially not for something as questionable as logging color codes.

saurik · 4日前

So, first of all, a full 13% of "active users of Cydia" (as defined by "bothered to open Cydia in the past month") are running either iOS version 5 or 6, a number which underestimates the number of people using these versions of iOS as people running iOS 9.1 would have just jailbroken recently (and so their usage is "forced") and people running iOS 9.0 have both more "incentive" (new stuff specifically designed for their use) and "interest" (as they haven't already gotten bored of checking Cydia all the time). A lot of people use old iOS.

Second, the idea of flagging this with "sometimes" to minimize the problem is extremely arrogant. We are dealing with a community of tens of millions of users. This class of bug (classes being initialized as they are hooked) is an extremely well-worn bug that has directly affected an insanely large number of people. This is a serious bug.

Third, even finding all the extensions that are broken, much less asking hundreds of people who often aren't even around anymore to recompile their software, is not just "hard", it is next to impossible. We know this from experience. Hell: we have painful experience due to this exact API when Apple broke it years ago :/.

The entire reason Substrate has an API for stuff like this is to make certain that implementation details don't end up compiled into binaries, which allows us to fix issues as they come up without "recompiling the world". I mean, look at how long it took us to get people to recompile all released extensions with the 0x4000 page alignment (a case that, unlike this one, couldn't be fixed by just being more careful ahead of time), and that was a case where it was trivial to detect in the binary and a semi-obvious symptom to the user.

Finally, the entire concept that this is only an issue on iOS 6 should be called into question: Apple broke this on iOS 5 and possibly fixed this on iOS 7, but seems to have only done it begrudgingly because of some "historical" reasons, which is the kind of reason that Apple does not like to tolerate. We should expect this to change again randomly.

And even now, it isn't clear that they fully "fixed" the behavior: there is a comment in the code which clearly says that it "tries to avoid +initialize (but sometimes fails)". This isn't a case of "this has always worked this way and it will always work this way: the developers are extremely careful to preserve this behavior even though it is documented in a way that is sketchy"; this is a case of "this code hasn't always worked this way, the developers don't seem to like that it had to work this way, and it might not even work this way right now".

saurik · 1ヶ月前

You essentially try to talk to me every few hours of every single day, by every single mechanism people come up with to try to send me messages, so I have figured out ways of squelching most of these messages :(. I provided a status update on the process of building a way to figure out all the historical payments you missed by having a non-functional PayPal account (which involves months of payments you claim to have missed, which means my manual processes for dealing with this look extremely onerous) at some point that to me still feels extremely recently: that is still the current status. I intend to reach back out to you when I build out a better system for this.

saurik · 1ヶ月前

1) I am staring at logs where you talk about providing hosting to the people behind apptrackr, and even state "I'm sure a valid Dutch copyright claim will come very soon". 2) I actually had just changed the wording of the thing you quoted unrelated to your message (as we simply had happened to be looking at this around the same time), because it implied more direct causality than I had meant to imply, but the idea is that eventually all of this grinds on you, and britta was on the front lines of dealing with all of you and this hate much more than I ever was :/.

saurik · 1ヶ月前

Luca is one of the people involved in this song, and is someone who has never shied away from this kind of behavior himself: it would be rather hypocritical for him to use toxicity as a card for the reasons why he would leave. I told him the "Britta Roll Up" he had in his recent jailbreak demo video was essentially out of line given the negative history of interaction he and his friends have had towards her (they essentially had the goal of instilling fear and griefed her constantly), and he made some excuses and essentially blew me off. He has been rather centrally involved in the people who go around hacking people and hating on everyone himself, and has for a very long time (he used to, and probably still does, provide hosting and other services for various piracy projects)... it is difficult for me to feel sympathy for his complaints, though I maintain no one should be toxic towards anyone, even the people who effectively are "starting shit" :/.

saurik · 1ヶ月前

Wait, so iFunBox doesn't work with more recent versions of iOS?

saurik · 1ヶ月前

Open your eyes,

saurik · 1ヶ月前

FWIW, there's a lot of toxicity to go around: you are pasting a screenshot of people being toxic towards enMTW and talking about them being toxic towards qwertyoruiop, but these same people trade around and even participate in products such as this song. While I don't think anyone should be hateful even at people who are hateful, it shows only one side of the story to talk about people who may be entitled without calling the other side out as well: if you start tracing through the patterns of people involved in these issues, you will find that there's essentially this toxic pit of people sitting at the center that manage to simultaneously encourage toxic behavior at the same time as they try to garner sympathy for people being toxic towards them.

saurik · 1ヶ月前

I honestly hadn't heard about this guy before today, so I can't answer directly. He had apparently submitted a sketchy-looking talk to JailbreakCon last year, but I wasn't involved in reviewing those. He seems to be strongly connected with jk, who runs Kim Jong Cracks and was the ripBigBoss guy, and the best explanation for why he hates me is probably "because he and his friends don't like anything that even sort of looks like establishment".

saurik · 1ヶ月前

FWIW, I have not been contacted. I know about this only because of these posts on the subreddit, and given that this person clearly hates me quite a bit, I doubt they would even consider reaching out to me.

saurik · 1ヶ月前

This is easily fact checked, and seems to be legitimate: the lyrics of the song in question seriously has "if I see saurik, he get killed" as part of the refrain. Did you even try to look into this? (edit: This comment was written as a response to /u/whitestethoscope, who tried to claim "No he's not. Stop spewing bullshit with a throwaway account.".)

saurik · 2ヶ月前

Cydia is undergoing some maintenance (database server upgrade) and will be back online very shortly.

saurik · 2ヶ月前

FWIW, I don't agree with your argument on this. We can just replace the video with some text that says "somehow the file /usr/libexec/cydia/cydo loses its setuid and setgid file permission flags, which can be reset using a tool such as iFile" and then we don't have this problem.

saurik · 2ヶ月前

That's the entire point of releasing code under the GPL and LGPL: If a company you don't like starts using it, you sue them.

I think, despite the massive bold font sizes you are using to draw attention to the things you are writing (which is always a bad sign :/), you don't understand how these licenses work or what the underlying threat model I care about here is: Substrate was open source twice in its life, once under BSD and once under LGPL, and as far as I can tell the same underlying problem (that there exists sufficient motivation in the community of developers and sufficient lack of care in the community of users to utilize a fractured set of closed stacks rather than a unified open stack) exists with usage of either license.

You've become the walled garden with very low walls, with the ability to raise those walls at any time and become like Apple.

I don't control the jailbreak tools themselves, so there's actually a rather interesting check and balance against this weird threat model you have come up with happening. Regardless: I maintain that this threat model happens instantaneously in your preferred future, as the only serious attempts to build alternative stacks have always stressed the importance of DRM at their core.

Much like the people who vote away their freedoms in the name of security, you've done the same by closing your software that you made in the name of freedom and jailbreaking, by holding the community away from themselves being able to work with Substrate, etc.

You continue to try to appeal to some intrinsic interest I have in people having access to this technology in the abstract: my only interest in any of this technology is to try to work towards an open ecosystem for everyone on every device in the long term.

What you are essentially trying to do is to force me to do something I have no interest in doing, for you, for free. You want me to work on writing Substrate, something that is really hard to do and which I only take occasional and momentary joy constructing, and give it directly to the people who will use it to do things that I don't want to exist.

Again, I reiterate my point: if you truly believe in free software, hardware, and open platforms, release your source code with a licence where people can only use it if they keep the source code open.

You left out "free hardware and open platforms" in your list of requirements. GPLv3 sort of helps with "free hardware", but it doesn't help with "open platforms". I don't know of any source code license that would be capable of protecting the thing I actually bother to do any of this work to accomplish, and it is weirdly selfish of you to demand that I undermine the goal I'm actually fighting for here.

Essentially, you are working with an extremely naive concept of what the goal of open is, one that is entirely rooted in "open source". As I have stated: I think that "open source" is a short term and often even short-sighted goal. The GPLv2 was somewhat interesting, but it totally failed because it concentrated on source code and someone realized they could sidestep the entire problem with closed hardware. From my perspective, the GPLv2 is essentially useless: anything less than GPLv3 accomplishes absolutely nothing.

Now, let's take a step back: one could argue I should license Substrate itself under GPL. Ignoring for a second that that is illegal on the face of it (any third-party app installed from the App Store cannot be linked against a GPL library, such as Substrate, even dynamically when the executable binds), the reason why this sounds cool is because "we like free software, and having free software is really important, and that's why saurik advocates for GPL in the first place".

However, the entire reason I wrote Substrate is to back a platform whose purpose is, in turn, to exist to be able to make an argument that we need to be able to have access to our hardware. Frustratingly, a world where there are a ton of only-free extensions in existence is a world where jailbreaking is effectively illegal, as the argument the copyright office is most interested in hearing is "there was a market involving actual money where people doing this thing built stuff of value and then sold it to other people for a profit".

Therefore, for the end goal of "hardware needs to be open", with the intermediate step of "make the copyright office think there is some value to doing this", we actually can't release core platform components under extremely free software licenses, as that will fail to build a commercial ecosystem of copyrightable intellectual property that can be used to build a record that there is a reason why we should keep any of this hardware open at all. Now that we are already falling backwards, I believe that I can make, and in fact already have made, an argument for why I felt the need to fall all the way back to "closed source" as the only way to pull off this particular trick.

Interesting, right? This is the world in which I live: the only thing I care about is being able to make that argument to the copyright office. In all seriousness, the only thing I have enjoyed doing in the past two years of working on this miserable platform and having all of these damned arguments with everyone about any number of different "why" questions was when I stood before the copyright office panel as someone in the middle of a profitable ecosystem and was able to impress the hell out of them with some testimony about Cydia and they thought I wasn't some crazy weirdo. I hate this job and I hate everything about it every single day that I'm forced to spend any of my life working on it: you are insanely lucky that I wrote any of this supposedly-unique stuff in the first place, much less continue to work on it today :/.

This is actually something in here that is very similar to the stereotypical moral question of "there is a train about to run into ten people; you can flip a switch and choose to make the train follow a different track and kill one other person instead; do you do this to kill fewer people, or does this feel like murder?". Personally, I have not found a way to allow Substrate--which is honestly a rather tiny amount of code in the grand scheme of things--to be open source while still demonstrating the value of open hardware and simultaneously showing that this can be done on top of an open platform. This is the one person I killed to save nine.

If you really really hate me and really want me to go away and stop making the world worse, under your definition of what it means to make the world worse, it is really really simple: just reimplement my software, name it something other than Cydia (which I shouldn't have to mention, but people have been really stupid about this), and get some users to use it (or if you want to do it really quickly, convince BigBoss to support it): that will get rid of me really quick, as I've pretty much been at my snapping point now for quite a while; and you have an existence proof that it shouldn't take more than one really smart person to do it, as clearly I'm nothing more than one really smart person (I promise I'm not a hive mind: I pinky swear ;P).

saurik · 2ヶ月前

"what he did to rockyourphone" == "spending $1 to buy an unprofitable company based around code that only sort of worked but which people used because they absolutely wanted to install MyWi"

saurik · 2ヶ月前

Is a direct lie. You have claimed that Subtrate and Cydia installer "are only not tied together due to happenstance of technology but which are intrinsically tied legally, economically, and even user-experientially". This is a direct quote of you, from here. Your own words state that not only are they tied together, you aim to bind them together even more.

OK, you are "moving the goal posts". What you seemed to mean before by "tied together" was "one required the other to exist". What I was discussing back in that thread on Hacker News is the idea that there is no value to a tool such as Cydia Installer without a framework like Cydia Substrate.

Really, the goal of that discussion on Hacker News is that someone wants to get from me something (Substrate) that took forever for me to build and takes me herculean effort to maintain (especially on such ludicrously short time frames), and then use it to "compete" with me on something I would say I do a surprisingly good job at and which people weirdly seem to not be very good at building but which I would have assumed any idiot could do correctly (a payment processing mechanism), which in turn bleeds away the resources I have to do the things I think are important in life (such as maintaining parts of the jailbreak ecosystem) that led me to write Substrate in the first place. It is essentially an inane argument that had been being made, and is not the same thing you mean by "tied".

What you need to do is to take a deep breath... and relinquish control. At some point, the community may take it away from you- and that's ok.

I consider it a moral imperative to hold out until that happens, at which point I will simply leave and you will be left with the thing you wished for: something like Rock Your Phone with an end-to-end closed source stack that is entirely designed to figure out how to best commercialize the ecosystem.

Seriously: a pattern of these systems is that they like the idea of owning the entire stack so they can force the user to swallow a bunch of DRM; they then advertise themselves to commercial software developers as being less open than the Cydia ecosystem, so they can totally block any and all piracy.

This is made all the more ironic when you consider that the entire point of jailbreaking is to allow people to escape Apple's ecosystem, and yet the first thing they download is Cydia, and the tweaks they download are all built on a closed source Substrate.

I fundamentally believe the mission of open hardware and open platforms is a long term and critically important goal, while the mission of open software is a short term and often even short-sighted goal. I keep this one component of mine closed as my weapon in a fight to keep the rest of the platform open.

One possible solution, is instead of putting Substrate under a BSD licence, put it under a LGPL licence, so that companies that aren't connected to the community can't take it over.

I would rather delete the source code for Substrate and leave than release it under LGPL and watch the ecosystem get taken over by the commercial leaches that will undermine the entire reason I'm fighting this battle in the first place. I honestly have absolutely zero interest in the concept of "jailbreaking" with respect to anything other than the mission of trying to make certain you can continue to install anything you want on hardware you own (and preferably in the long term: I want it to be illegal for Apple to even build closed platforms such as the iPhone).

Seven-Year Club	Verified Email
Rally Monkey Tent number = 2	reddit gold Charter Member
Charter Member

saurik

次のモデレーターです

トロフィーケース

本日のreddit gold目標額達成率