Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > More E-Book Readers > iRex > iRex Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 07-26-2006, 04:42 PM   #1
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,582
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
Restrict access to this section?

First of all: I am not a big fan of this idea. But it seems iRex is closely watching us and trying to make our lives miserable by fixing any potential security exploit on the iLiad. So what do you think if we made this forum sections "invite-only", and gave access to everyone who is actively involved in hacking the iLiad? It would give us more time to examine our options, and when we come up with better solutions, we could present them to everyone in the other iLiad section(s).

I really don't like this. But it seems it's our better chance to stand against current and future iRex efforts to sabotage our work.
TadW is offline   Reply With Quote
Old 07-26-2006, 05:01 PM   #2
R2D2
Mad Scientist
R2D2 doesn't litterR2D2 doesn't litterR2D2 doesn't litter
 
R2D2's Avatar
 
Posts: 294
Karma: 242
Join Date: May 2006
Location: Germany
Device: Zaurus, HTCMagician, iLiad
I don't like it, because I would like to honor that...

* ...they dared to sell us the unsecured device
* ...they will provite a SDK for free
* ...they seem to follow a reasonable approach so far

But I would like to get them someone on this board and to broaden the "partnership". I really do not want them to perceive us as their enemies.

From a distanced point of view I would also not say, that they sabotage our work. Because if you are honest: Wouldn't you have remove unprotected root access to a device now sold to "normal" users? I would have.

I would suggest, that we kindly ask them to share their visions about root access and SDK. Maybe Alexander could initiate that?
R2D2 is offline   Reply With Quote
Old 07-26-2006, 05:07 PM   #3
Alexander Turcic
Fully Converged
Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.Alexander Turcic ought to be getting tired of karma fortunes by now.
 
Alexander Turcic's Avatar
 
Posts: 17,482
Karma: 10995944
Join Date: Oct 2002
Location: Switzerland
Device: Sony PRS-650 / Nexus 7 / Kindle PW
Here are my two cents:

We don't really want to restrict any parts of this forum. It's been a lot of fun so far, and I think we would only annoy our fellow readers if we'd do something like this. So that's really a no.

I've been in contact with a developer from iRex. Although I promised not to say anything about it, I can say so much that I think iRex is currently not interested in participating in our hacking efforts. The guy is actually quite nice; but I think it's his company who doesn't want him to join us (for now).
Alexander Turcic is offline   Reply With Quote
Old 07-26-2006, 05:29 PM   #4
tribble
iLiad Maniac
tribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it istribble knows what time it is
 
tribble's Avatar
 
Posts: 1,382
Karma: 2369
Join Date: Apr 2006
Location: Germany
Device: Bookeen Opus (i love that thing) and iPad (what an irony)
Yap, no restrictions here.
Lets have fun trying to get back in.
But seriously, i could wait for the SDK.
tribble is offline   Reply With Quote
Old 07-27-2006, 03:47 AM   #5
ath
Addict
ath doesn't litterath doesn't litter
 
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle
Quote:
Originally Posted by TadW
But it seems iRex is closely watching us and trying to make our lives miserable by fixing any potential security exploit on the iLiad.
I would be surprised and quite a lot disappointed if the 2.5 fixes are based only on what has appeared in this forum: that would indicate that iRex itself has no sense of security, as well as none of its B2B customers.

I do expect that some B2B customers have made their own security assessments, and reported their findings to iRex. And I do very much expect iRex to have asked a third party to do a full independent assessment by now: it's just the thing to hand over to propsective customers concerned with security. It tends to be that way: a service is developed, prospective customers want assurance that the service is secure, and the developers call in independent experts to do that evaluation. If everyone are serious, vulnerability reporting is made -- and I have been looking very eagerly for the first Bugtraq or Secunia report about the iLiad. As none has appeared, I suspect that noone involved here has made any vulnerability reports to iRex. But I may be too hasty.

Quote:
But it seems it's our better chance to stand against current and future iRex efforts to sabotage our work.
From iRex's point ov view, and that of their customers (in which group I only include B2B customers), it probably appears the other way around. Personally, I can't help wondering if describing attempts to subvert a mobile device really is in the intererest of mobile reading in general. That it may be interesting, I'm sure of ... but I would rather see that the results were handed over to iRex than published here (see http://www.oisafety.org/guidelines/G...nse%20V2.0.pdf for some related information.)
ath is offline   Reply With Quote
Old 07-27-2006, 04:31 AM   #6
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by TadW
I really don't like this. But it seems it's our better chance to stand against current and future iRex efforts to sabotage our work.
There has been no sabotage as far as I can see. The root password was a real security problem to be fixed even in their architecture: most university networks (and other unsecure industries) are crowned of worms in the local network, randomly trying for trivial holes in any connected machine. Worse, it is unlikely that a worm rightly identifies an ARM machine, so a sucessful authomated attack could install wrong binaries.

The second isue is the pdf. It is not actually a sabotage but a bug: if they do not react to hotlinks, they are not following the full pdf specifications; and there are a lot of pdfs having jumps to the footnotes and back and similar, such kind of pdf will we problematic in the iRex reader. Of course if they allow pdf-originated jumps, they have problems to control the page number. But a swift approach would be to patch the xpdf itself to output the current page number.

The 2.4 OS took control of user input over after some button was pressed; now the 2.5 takes control before, at visualisation time.


As for the question of this thread: the answer, if we are advocating for free software (with 'free' in the sense of freedom, the four freedoms and all that), the logical answer is a 'no'; the whole point is that the adventages of open development largely outweight any potential disadventage (furthermore in this particular case, where hardware patents protect iRex, one can not see how potential disadventages apply, but that should be another history to discuss).

Last edited by arivero; 07-27-2006 at 04:44 AM.
arivero is offline   Reply With Quote
Old 07-27-2006, 06:18 AM   #7
deadite66
Groupie
deadite66 began at the beginning.
 
deadite66's Avatar
 
Posts: 197
Karma: 16
Join Date: Apr 2006
Device: irex iliad, uk Kindle gen3
i wonder what irex require to get the extended SDK?
Quote:
* developers visit this web-site to register themselves as a developer;
* after registration, the iDS will send a file to your iLiad that will install the development environment automatically;
* by connecting the iLiad to your PC using the network connection you can logon to the developer environment;
* tools and an example of existing viewers can be downloaded from this web-site;
* all functions including communication, file access, touch screen input and display access are made available for the developer.
so anyone that follows that can become a developer or rather they will just entertain companies like mobipocket etc?
deadite66 is offline   Reply With Quote
Old 07-27-2006, 06:40 AM   #8
jęd
Evangelist
jęd has a complete set of Star Wars action figures.jęd has a complete set of Star Wars action figures.jęd has a complete set of Star Wars action figures.
 
Posts: 458
Karma: 293
Join Date: May 2006
Quote:
Originally Posted by deadite66
i wonder what irex require to get the extended SDK?

so anyone that follows that can become a developer or rather they will just entertain companies like mobipocket etc?
Not sure but you could always try registering and giving them a good reason to entertain you...!
jęd is offline   Reply With Quote
Old 07-27-2006, 06:43 AM   #9
arivero
Guru
arivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it isarivero knows what time it is
 
arivero's Avatar
 
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
I am happy with the unextended it the API is explained. Extended should include support, emulation and all that.
arivero is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Amazon uses DMCA to restrict where you can buy e-books Alexander Turcic Announcements 467 01-16-2011 10:08 PM
Kobo Firmware Access and Early Access Program PeterT Kobo Reader 115 08-09-2010 09:06 PM
Section breaks christineb Calibre 11 01-20-2009 06:54 PM


All times are GMT -4. The time now is 02:45 PM.


MobileRead.com is a privately owned, operated and funded community.