iPhone Firmware Update 2.02 released

In message <[email protected]> "Jo Baggs"
<[email protected]> wrote:

>Yeah,
>good question. What exactly is the error rate? Never mind, I wouldnt know
>what the answer means anyway.
>
>So, should I keep my 1st Generation iPhone?

Unless you need a new phone, I'd wait and see right now. That being
said, I haven't had any real significant problems, no dropped calls.

---

› See More: iPhone Firmware Update 2.02 released

In message <[email protected]> David Moyer
<[email protected]> wrote:

>DevilsPGD <[email protected]> wrote:
>
>> >> Like making iPod Touch users pay to have product defects fixed? Is that
>> >> your definition of "the right thing?
>> >
>> >Apple has no choice, "It's the LAW".
>>
>> Not at all.
>>
>> They have released several security fixes in the past, but now that a
>> paid upgrade is available, the free defect fixes have dried up.
>
>it only applies to additional features, or "value" compared to the
>original shipped item,

That is correct.

>not bug fixes or maintenance releases.

And yet, the only way to apply the much needed security fixes to a 1.1.x
device purchased a month before OS 2.0.0 came out is to pull out the
credit card (or other applicable payment method)

>> What they could do is to charge $1.99 for the upgrade. Another option
>> would be $20, with a $20 iTunes credit or $20 AppStore-only credit.
>
>no, they would run afoul of the law by not charging an appropriate
>amount.

They're charging the same $20 as now.

>and giving a "kickback" would be seen as cooking the books so
>that's no good either.

Loss-leaders aren't suddenly illegal are they?

Sell the razor below cost, make money on the blades.

Sell access to the store below cost, make money on the applications.

In article <[email protected]>,
DevilsPGD <[email protected]> wrote:

> >it only applies to additional features, or "value" compared to the
> >original shipped item,
>
> That is correct.
>
> >not bug fixes or maintenance releases.
>
> And yet, the only way to apply the much needed security fixes to a 1.1.x
> device purchased a month before OS 2.0.0 came out is to pull out the
> credit card (or other applicable payment method)

there are no critical security needed for 1.1.x

you can always download it for free.

http://thepiratebay.org/torrent/4287...rmware_Upgrade

> >> What they could do is to charge $1.99 for the upgrade. Another option
> >> would be $20, with a $20 iTunes credit or $20 AppStore-only credit.
> >
> >no, they would run afoul of the law by not charging an appropriate
> >amount.
>
> They're charging the same $20 as now.
>
> >and giving a "kickback" would be seen as cooking the books so
> >that's no good either.
>
> Loss-leaders aren't suddenly illegal are they?
>
> Sell the razor below cost, make money on the blades.
>
> Sell access to the store below cost, make money on the applications.

yeah, but apple has never been much on making money, it's just not their
aim.

Jo Baggs wrote:
> Yeah,
> good question. What exactly is the error rate? Never mind, I wouldnt
> know what the answer means anyway.
>
> So, should I keep my 1st Generation iPhone?

Never buy early production of any complex product, be it a smart phone,
a vehicle, digital camera, etc. Always wait six months to a year (don't
buy the first year of any new model vehicle).

There are always problems that are found by the early adopters, and
corrected in later production. It's often not possible to fix the early
production with recalls. Usually the problems are such that they affect
the usability and reliability, but not to a degree where they are so
unusable that they have to be recalled. Sometimes the long-term
reliability is affected, but the producer won't make any repairs unless
it actually breaks, maybe extending the warranty slightly, but not enough.

Often a bug in one of the large scale integrated circuits will be found
that can only be corrected in a new rev of the chip. Revving a chip can
easily take six months between the time the bug is found, the problem
solved, new masks made, new wafers run, packaging, testing, and production.

Todd Allcock <[email protected]> wrote in
news:[email protected]:

> At 20 Aug 2008 12:09:58 -0600 David Moyer wrote:
>
>> > Again, connectivity issues have been reported in Europe as well-
>> > this isn't AT&T's fault, (except for the slow speeds!)
>>
>> go complain here -------
>>
>> http://seekingalpha.com/article/9179...or-3g-s-perfor
>> man ce-in-the-iphone
>
>
> Why is it you never post the source of your "info" until someone
> shoots holes through it?
>
>
>

Because conjecture and dreams have no source??

In message <[email protected]> David Moyer
<[email protected]> wrote:

>In article <[email protected]>,
> DevilsPGD <[email protected]> wrote:
>
>> >it only applies to additional features, or "value" compared to the
>> >original shipped item,
>>
>> That is correct.
>>
>> >not bug fixes or maintenance releases.
>>
>> And yet, the only way to apply the much needed security fixes to a 1.1.x
>> device purchased a month before OS 2.0.0 came out is to pull out the
>> credit card (or other applicable payment method)
>
>there are no critical security needed for 1.1.x

Now I know you're either lying, or simply uninformed. There are
actually quite a few, ranging from being able to crash the device
remotely to spoofing, all the way up to remote code execution.

1) CFNetwork
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses CVE-2008-0050, a spoofing
vulnerability. Apple says " A malicious HTTPS proxy server may return
arbitrary data to CFNetwork in a 502 Bad Gateway error, which could
allow a secure website to be spoofed. This update addresses the issue by
not returning the proxy-supplied data on an error condition."

2) Kernel
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-0177. Apple explains: "An undetected failure condition
exists in the handling of packets with an IPComp header. Sending a
maliciously crafted packet to a system configured to use IPSec or IPv6
may cause an unexpected device reset. This update addresses the issue by
properly detecting the failure condition."

3) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-1588. Apple explains: "When Safari displays the current
URL in the address bar, Unicode ideographic spaces are rendered. This
allows a maliciously crafted website to direct the user to a spoofed
site that visually appears to be a legitimate domain. This update
addresses the issue by not rendering Unicode ideographic spaces in the
address bar."

4) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability within
CVE-2008-1589. Apple says " When Safari accesses a website that uses a
self-signed or invalid certificate, it prompts the user to accept or
reject the certificate. If the user presses the menu button while at the
prompt, then on the next visit to the site, the certificate is accepted
with no prompt. This may lead to the disclosure of sensitive
information." Apple credits Hiromitsu Takagi with reporting this
vulnerability.

5) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the arbitrary code execution
vulnerability within CVE-2008-2303. Apple explains "A signedness issue
in Safari's handling of JavaScript array indices may result in an
out-of-bounds memory access. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of JavaScript array indices." Apple credits SkyLined of
Google for reporting the vulnerability.

6) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the cross-site scripting
vulnerability details within CVE-2006-2783. Apple explains "Safari
ignores Unicode byte order mark sequences when parsing web pages.
Certain websites and web content filters attempt to sanitize input by
blocking specific HTML tags. This approach to filtering may be bypassed
and lead to cross-site scripting when encountering maliciously-crafted
HTML tags containing byte order mark sequences. This update addresses
the issue through improved handling of byte order mark sequences." Apple
credits Chris Weber of Casaba Security for reporting the vulnerability.

7) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-2307. Apple says "A memory corruption issue exists in
WebKit's handling of JavaScript arrays. Visiting a maliciously crafted
website may lead to an unexpected application termination or arbitrary
code execution." Apple credits James Urquhart for reporting the
vulnerability.

8) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-2317. Apple explains "A memory corruption issue exists
in WebCore's handling of style sheet elements. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved garbage collection." Apple credits Peter Vreudegnhil working
with the TippingPoint Zero Day Initiative for reporting the
vulnerability.

9) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2007-6284. Apple says "A memory consumption issue exists in
the handling of XML documents containing invalid UTF-8 sequences, which
may lead to a denial of service."

10) Safari
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-1767. Apple says "A memory corruption issue exists in
the libxslt library. Viewing a maliciously crafted HTML page may lead to
an unexpected application termination or arbitrary code execution."
Apple credits Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans
of Google Security Team for reporting the vulnerability.

11) WebKit
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-1590. Apple says "A memory corruption issue exists in
JavaScriptCore's handling of runtime garbage collection. Visiting a
maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution." Apple credits Itzik Kotler and
Jonathan Rom of Radware for reporting the vulnerability.

12) WebKit
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-1025. Apple says "An issue exists in WebKit's handling
of URLs containing a colon character in the host name. Accessing a
maliciously crafted URL may lead to a cross-site scripting attack. This
update addresses the issue through improved handling of URLs." Apple
credits Robert Swiecki of the Google Security Team, and David Bloom for
reporting the vulnerability.

13) WebKit
This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
v1.1 through v1.1.4. The update addresses the vulnerability detailed
within CVE-2008-1026. Apple says "A heap buffer overflow exists in
WebKit's handling of JavaScript regular expressions. The issue may be
triggered via JavaScript when processing regular expressions with large,
nested repetition counts. This may lead to an unexpected application
termination or arbitrary code execution." Apple credits Charlie Miller
of Independent Security Evaluators for reporting the vulnerability

>> >and giving a "kickback" would be seen as cooking the books so
>> >that's no good either.
>>
>> Loss-leaders aren't suddenly illegal are they?
>>
>> Sell the razor below cost, make money on the blades.
>>
>> Sell access to the store below cost, make money on the applications.
>
>yeah, but apple has never been much on making money, it's just not their
>aim.

How much money do you think Apple is making from the AppStore?

According to Apple, $30 million in sales, $21 million of which gets paid
out to the applicatoin authors. Now ignoring whatever profit Apple can
make on that money in the period between making the sale and paying the
author, that still leaves $9 million in the first month.

Give away the razor (that's the OS upgrade), sell the blades (the apps)

DevilsPGD wrote:

> Now I know you're either lying, or simply uninformed.

LOL, you just figured that out?

Larry <[email protected]> wrote:

> > now that the options issue has blown over it will interesting to see if
> > Apple will relax, resume free feature upgrades (without accounting for
> > them), and try and fight the letter of law if they are ever hauled into
> > court.
> >
>
> Wow! Nokia is in REAL trouble! They just gave me my SECOND free Operating
> System, Maemo Linux OS2008 Diablo. It's just LOADED with really neat new
> features we users have been begging for these last 6 months.
>
> They better be careful or someone's gonna haul Nokia into court! They're
> giving away tons of free upgrades with sellphones, loaded with new
> features. NONE of the customers have been complaining, however....(c;.
>
> ....including ME!
>
> Thanks, Nokia!

nokia isn't an american company larry, thus are not governed by the SOX
law. please THINK larry.

"Jo Baggs" <[email protected]> wrote:

> Yeah,
> good question. What exactly is the error rate? Never mind, I wouldnt know
> what the answer means anyway.
>
> So, should I keep my 1st Generation iPhone?

2% or about 60,000 units. the 2.0.2 updated fixed most of them, but not
all.

"MC" <[email protected]> wrote in message news:[email protected]...
| In article <[email protected]>,
| David G. Imber <[email protected]> wrote:
|
| > In case anyone wasn't aware. Haven't really tested for what it
| > might fix yet.
|
| I installed it - don't see any difference.

Seriously? I've got more bars in more places!

(Actually, that's true, but I can't see any difference in actual performance... just more bars.)

--Mike-- Chain Reaction Bicycles
www.ChainReactionBicycles.com

In article <[email protected]>,
DevilsPGD <[email protected]> wrote:

> >> And yet, the only way to apply the much needed security fixes to a 1.1.x
> >> device purchased a month before OS 2.0.0 came out is to pull out the
> >> credit card (or other applicable payment method)
> >
> >there are no critical security needed for 1.1.x
>
> Now I know you're either lying, or simply uninformed. There are
> actually quite a few, ranging from being able to crash the device
> remotely to spoofing, all the way up to remote code execution.
>
> 1) CFNetwork
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses CVE-2008-0050, a spoofing
> vulnerability. Apple says " A malicious HTTPS proxy server may return
> arbitrary data to CFNetwork in a 502 Bad Gateway error, which could
> allow a secure website to be spoofed. This update addresses the issue by
> not returning the proxy-supplied data on an error condition."
>
> 2) Kernel
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-0177. Apple explains: "An undetected failure condition
> exists in the handling of packets with an IPComp header. Sending a
> maliciously crafted packet to a system configured to use IPSec or IPv6
> may cause an unexpected device reset. This update addresses the issue by
> properly detecting the failure condition."
>
> 3) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-1588. Apple explains: "When Safari displays the current
> URL in the address bar, Unicode ideographic spaces are rendered. This
> allows a maliciously crafted website to direct the user to a spoofed
> site that visually appears to be a legitimate domain. This update
> addresses the issue by not rendering Unicode ideographic spaces in the
> address bar."
>
> 4) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability within
> CVE-2008-1589. Apple says " When Safari accesses a website that uses a
> self-signed or invalid certificate, it prompts the user to accept or
> reject the certificate. If the user presses the menu button while at the
> prompt, then on the next visit to the site, the certificate is accepted
> with no prompt. This may lead to the disclosure of sensitive
> information." Apple credits Hiromitsu Takagi with reporting this
> vulnerability.
>
> 5) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the arbitrary code execution
> vulnerability within CVE-2008-2303. Apple explains "A signedness issue
> in Safari's handling of JavaScript array indices may result in an
> out-of-bounds memory access. Visiting a maliciously crafted website may
> lead to an unexpected application termination or arbitrary code
> execution. This update addresses the issue by performing additional
> validation of JavaScript array indices." Apple credits SkyLined of
> Google for reporting the vulnerability.
>
> 6) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the cross-site scripting
> vulnerability details within CVE-2006-2783. Apple explains "Safari
> ignores Unicode byte order mark sequences when parsing web pages.
> Certain websites and web content filters attempt to sanitize input by
> blocking specific HTML tags. This approach to filtering may be bypassed
> and lead to cross-site scripting when encountering maliciously-crafted
> HTML tags containing byte order mark sequences. This update addresses
> the issue through improved handling of byte order mark sequences." Apple
> credits Chris Weber of Casaba Security for reporting the vulnerability.
>
> 7) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-2307. Apple says "A memory corruption issue exists in
> WebKit's handling of JavaScript arrays. Visiting a maliciously crafted
> website may lead to an unexpected application termination or arbitrary
> code execution." Apple credits James Urquhart for reporting the
> vulnerability.
>
> 8) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-2317. Apple explains "A memory corruption issue exists
> in WebCore's handling of style sheet elements. Visiting a maliciously
> crafted website may lead to an unexpected application termination or
> arbitrary code execution. This update addresses the issue through
> improved garbage collection." Apple credits Peter Vreudegnhil working
> with the TippingPoint Zero Day Initiative for reporting the
> vulnerability.
>
> 9) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2007-6284. Apple says "A memory consumption issue exists in
> the handling of XML documents containing invalid UTF-8 sequences, which
> may lead to a denial of service."
>
> 10) Safari
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-1767. Apple says "A memory corruption issue exists in
> the libxslt library. Viewing a maliciously crafted HTML page may lead to
> an unexpected application termination or arbitrary code execution."
> Apple credits Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans
> of Google Security Team for reporting the vulnerability.
>
> 11) WebKit
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-1590. Apple says "A memory corruption issue exists in
> JavaScriptCore's handling of runtime garbage collection. Visiting a
> maliciously crafted website may lead to an unexpected application
> termination or arbitrary code execution." Apple credits Itzik Kotler and
> Jonathan Rom of Radware for reporting the vulnerability.
>
> 12) WebKit
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-1025. Apple says "An issue exists in WebKit's handling
> of URLs containing a colon character in the host name. Accessing a
> maliciously crafted URL may lead to a cross-site scripting attack. This
> update addresses the issue through improved handling of URLs." Apple
> credits Robert Swiecki of the Google Security Team, and David Bloom for
> reporting the vulnerability.
>
> 13) WebKit
> This patch affects users of iPhone v1.0 through v1.1.4, and iPod Touch
> v1.1 through v1.1.4. The update addresses the vulnerability detailed
> within CVE-2008-1026. Apple says "A heap buffer overflow exists in
> WebKit's handling of JavaScript regular expressions. The issue may be
> triggered via JavaScript when processing regular expressions with large,
> nested repetition counts. This may lead to an unexpected application
> termination or arbitrary code execution." Apple credits Charlie Miller
> of Independent Security Evaluators for reporting the vulnerability

you've list a few bugs, but no serious security issues.

learn the difference.

> >> >and giving a "kickback" would be seen as cooking the books so
> >> >that's no good either.
> >>
> >> Loss-leaders aren't suddenly illegal are they?
> >>
> >> Sell the razor below cost, make money on the blades.
> >>
> >> Sell access to the store below cost, make money on the applications.
> >
> >yeah, but apple has never been much on making money, it's just not their
> >aim.
>
> How much money do you think Apple is making from the AppStore?
>
> According to Apple, $30 million in sales, $21 million of which gets paid
> out to the applicatoin authors. Now ignoring whatever profit Apple can
> make on that money in the period between making the sale and paying the
> author, that still leaves $9 million in the first month.
>
> Give away the razor (that's the OS upgrade), sell the blades (the apps)

yes, but money isn't the goal, changing the world is... and Apple is the
top company by that measurement. yes, money is fine because it allows
your vision to be realized faster, but money has never been much of a
draw to apple or steve jobs, it's a side effect of making great products.

Mike Jacoubowsky wrote:
> "MC" <[email protected]> wrote in message news:[email protected]...
> | In article <[email protected]>,
> | David G. Imber <[email protected]> wrote:
> |
> | > In case anyone wasn't aware. Haven't really tested for what it
> | > might fix yet.
> |
> | I installed it - don't see any difference.
>
> Seriously? I've got more bars in more places!
>
> (Actually, that's true, but I can't see any difference in actual performance... just more bars.)
>
> --Mike-- Chain Reaction Bicycles
> www.ChainReactionBicycles.com

Now you mention it I've been getting an extra bar here at my PC since I
upgraded to 2.02.

Mike

Todd Allcock wrote:

> Because a teenager's tech blog is a definitive guide to accounting law?
>
> Even if that story made sense, Apple could've released the apps as
> "optional" freeware. They could've sold them for $1 instead of $20.
>
> It was a money grab (but a fair one, IMO- it was a significant upgrade.)

It wasn't even a money grab. It added new functionality so it was
legitimate, if a bit tacky, to charge the early adopters for it.

This isn't the first time Apple shills have tried to blame SARBOX for
upgrade charges. Apple was charging $5 to unlock WiFi capabilities in
some Macs, and SARBOX was cited by someone as a reason.

There actually are accounting rules that sometimes require charging
something for extra features, but they have nothing to do with SARBOX.
It's called "Revenue Recognition GAAP" and it's found at
"http://www.sec.gov/interps/account/sab104rev.pdf" and
"http://www.nysscpa.org/cpajournal/2005/405/essentials/p38.htm".

Still it's a real stretch. If the new iPod Touch with the new features
sold for more than the old iPod touch without the new features then
those new features could be claimed to have separate value. It doesn't
and they don't.

David Moyer <[email protected]> wrote in news:48ae4e31$0$33214$815e3792
@news.qwest.net:

> nokia isn't an american company larry, thus are not governed by the SOX
> law. please THINK larry.
>
>

Nokia does business in the USA, pays USA taxes on business it does in the
USA and IS SUBJECT TO USA LAW UNDER ITS USA BUSINESS, just like every other
international company doing business in the USA.

Somebody at Yamaha Motors said Yamaha was not subject to the Magnusson-Moss
Warranty Protection Act because they are Japanese when I returned my
defective GP1200 Waverunner. They were wrong, also....(c;

Think David....

"Mike Jacoubowsky" <[email protected]> wrote in
news:[email protected]:

> (Actually, that's true, but I can't see any difference in actual
> performance... just more bars.)
>
>

They turned the meter up....trying to bull**** their way through all this.