iPhone 3.0 Update Delivers Prodigious Patch Batch

CWmike writes "Apple patched 46 security vulnerabilities in the iPhone and iPod Touch, half of them in the Safari browser and its WebKit rendering engine, as it released iPhone OS 3.0 on Wednesday. One of the patched WebKit vulnerabilities stands out because of the attention it received in March, when a German college student, Nils, walked away with a $5,000 cash prize for hacking Safari at the Pwn2Own challenge. Nils used a bug in WebKit's handling of SVGList objects to crack Safari."

But the real question is...

[abshack]

Does it support copy & paste?

Re:

[mwvdlee]

$5000... you couldn't hire a security expert to do the same work for that little money.

Re:

[sexconker]

Nor could an insecurity expert do the work.

They'd take $5000 and hold a contest to get some kid to do it.

Re:But the real question is...

[Captain Splendid]

Yep.

Pays to RTFA, eh?

Re:

[dimeglio]

Real iPhone users don't need copy and paste. So the feature is irrelevant.

Re:

[njfuzzy]

Yes.

Re:

[amicusNYCL]

I'm a 30 year old Nude Photographer

Really? People don't have a problem when you show up at their wedding naked?

Re:

[AmigaMMC]

Why is the above modded a Troll? iPhone OS2 does not support Copy & paste so this is a legitimate questions. His intent might be to flame a bit, but the question remains legitimate. Let's not just mod people down just because we don't agree or because we're fanboys of this or that brand.

Re:

[spud603]

Wait, the iPhone now trolls? That'll save me some time.

I am disappointed!

[hansraj]

Frankly I don't know what all the hoopla about iPhone OS 3.0 is about. I was hoping to use compass with google map after the update on my iPhone 3G, but all I got was a lousy voice-memo software.

And before anyone points out that iPhone 3G didn't have compass built into the hardware - It is supposed to be apple! I expect nothing sort of miracles from Steve Jobs!!

On a serious note, tethering was supposed to be there without the need to jailbreak your phone, but it is not available in US, and it is not availab

Re:I am disappointed!

[alannon]

Rogers/Fido in Canada, surprisingly, will allow tethering.

Re:

[Anonymous Coward]

Correct about Rogers/Fido in canada - just watch your bandwidth usage to avoid $50k bandwidth bill.

Re:I am disappointed!

[Xocet_00]

I found this [rogers.com] earlier today indicating that Rogers will allow anyone with a 1GB or greater data plan to tether. I called them to confirm and I am in fact allowed to consume bandwidth right up to my 6GB cap, same as if I was consuming the bandwidth on the phone itself.

The really surprising thing is that it's automatic. I didn't have to get them to turn anything on in my account. I simply turned it on in the Network Settings page and was able to tether my Windows 7 laptop and a friends Macbook Pro over both Bluetooth and USB without issues and, even more surprisingly, without iTunes installed (on the Win7 machine).

Bandwidth was around 3Mbps down and 0.3Mbps up, with a minimum ping of around 150ms, tested on multiple servers using Speedtest.net. This is in the middle of Halifax, NS.

Re:

[sexconker]

"As if I was consuming the bandwidth on the phone itself."

Have they gotten to the point where they have actually tricked you into thinking there's a difference?

You ARE consuming the bandwidth on the phone itself.
The phone happens to be relaying the data to a PC. So what? My old phone and $30 AT&T unlimited plan from over years ago does this (over USB instead of WiFi, but given the choice I'd use USB anyway).

Re:I am disappointed!

[vux984]

Have they gotten to the point where they have actually tricked you into thinking there's a difference?

There is a difference. Its subtle, but important. But its not a technical difference it has to do with with service levels, over selling, marketing, and pricing. But that doesn't mean its any less "real.

Essentially, when they give you a 6GB data plan they are overselling their capacity. They know this. I know this. And now you know this. Its not a secret, its not 'teh evil'. If -everyone- used 6GB every month they'd be unable to deliver the service reliably at that price.

Hi end users are subsidized by low end users. Low end users are happy that they have 6GB and don't have to worry about bandwidth everytime they check their email. The carrier has a good idea what the distribution of users is, and knows that it can offer 6gb for $30 bucks, overselling what they can actually deliver at that price, but secure in the knowledge that the mathematical models of their customer's usage patterns virtually gaurantee they won't have to.

But that all assumes no tethering. Its a no brainer to sell 'unlimited data' to a blackberry user a couple product cycles back-- the thing only did email really well, and web browsing poorly. Add in tethering, and suddenly a sizeable chunk of customers on unlimited go from 'low/moderate' usage measured in the kilobytes per day to super-users in the 10s of megabytes per day. Someone that historically only checks his email on his device, getting the odd document, or mp3... well now he now downloading his operating system service pack, virus software update, while watching youtube.

The mathematical model changes. Bottom line: if they allow tethering, consumption goes up sharply for a significant group of consumers. They need to deliver more total bandwidth. That additional capacity costs more to supply and maintain. So they need to charge more for it.

And so we have 'no tethering' in some areas or 'tethering feature' charges in other areas. As as we move forward, the devices become more powerful, and its actually possible to use significant bandwidth on them, but even now, bandwidth usage per unit for untethered use is an order of magnitude lower than what tethered users use.

The carriers fear they would be unable to deliver reliable service at that level at that price point with wide spread tethering. So they're beign cautious about it, and looking to tier the service so that people who need it pay for it.

A final word out to those who despise over-selling and thing the ISP shouldn't do it. Shut the hell up. We, the /. power users, benefit from over selling the most. Its our usage that is subsidized by the low end users. Its because of overselling we can get 6GB for $30 in the first place. If they got rid of overselling the prices we'd pay would shoot sky high, and we'd all pay by the megabyte or some other metering right from the first byte. That would suck.

That's not saying that ISPs are angelic entities looking out for us, but overselling is good business that generally benefits the consumer with lower prices and services offered in a form that we like (I want a 6GB plan more than a plan that charges me 1$ per MB. Over selling and makes efficient use of the available resource...it a case of the free market actually working.

Re:

[MobyDisk]

Bottom line: if they allow tethering, consumption goes up sharply for a significant group of consumers.

Then just charge people for a tethering plan instead of banning tethering. DUH!

This is soooooooo lame I can't stand it. If tethering uses more bandwidth, then I'll pay for it. I'm not trying to get something for free! I'm a business user, and it would be a business expense, so that's fine. But instead they ban it entirely - so I have to buy a separate card + a whole separate data plan with a separate bill. That makes no sense.

Re:I am disappointed!

[vux984]

Uh, no.

Uh. Yeah.

You use your phone to access the internet over the cellular network.

Thank you captain obvious.

Whether or not your phone then communicates with your PC or other devices makes no difference. At all.

Actually read my post before you reply. There is no technical difference. But in terms of the business model to support it they are worlds apart.

Take a salad-bar, its the same situation. A single person can't really eat that much food, so I can offer him unlimited food for a fixed price, and make money by pricing it above what the average person will consume.

If people walk in and start expecting to 'tether' and feed their whole family off that one price, that's a game changer. I can't run an unlimited salad bar at that price anymore. The average amount consumed per "plate sold" has gone WAY up.

Similiarly, with a data device, there's really only so much data a single handset will consume. They are still mostly used for email and small files. So you can give people lots of bandwidth for a fixed price above the average cost and make money. If people start tethering, where they suddenly are using a lot more average bandwidth than before, then the pricing is no longer valid. They need to raise the rate, or charge for tethering, or block tethering, or something in response.

Re:

[sexconker]

You are limited to the bandwidth and usage limits set in your contract.

If AT&T can't support that, that's their fault.

Just like broadband ISPs, they oversell and under deliver, then cry about it.

AT&T's business model is not my concern.
My contract says unlimited data. I will do what I want within the rules of my contract.

If my contract specifically mentioned not being able to tether unless I paid extra, I'd do it anyone. There is no way for them to know other than sniffing my traffic or guessing ba

Re:

[vux984]

You are limited to the bandwidth and usage limits set in your contract.

Ah well then, you agree you aren't allowed to tether. Perhaps you should READ your contract.

My contract says unlimited data.

You don't get to look at once clause and ignore the rest. Read the whole contract. I'll bet it also says "no tethering". Or perhaps it simply says you aren't allowed to modify the firmware of your handset which is programmed to disable tethering. Either way, one way or another, you are outside the rules of your cont

Re:

[sexconker]

Wrong wrong wrong.

MY contract does not have the word tethering or anything related to it.
MY contract does not mention modifying my phone.
MY phone comes with the option enabled by default.

Custom firmware? Boy, you don't know shit. I'm running the official ROM image from Samsung, for AT&T. I haven't had to crack or alter anything.

Maybe you people with locked down phones need to think about the shit you buy into.

AT&T does not have control over my phone, actually.
AT&T can not actually modify my p

Re:

[vux984]

So let's look:
I'm not violating my contract in anyway.
My phone comes with this ability by default, my data plan is unlimited, and there's no clause about tethering.

Keep reading. The terms of your current rate plan form a material part of your contract/agreement with AT&T. And if the terms of your current rate plan exclude tethering, then you can't tether.

Ubuntu NTP servers? Why would I even have that when I don't run Ubuntu?...[snip]... Port monitoring? DNS? NTP? You're stretching, and you're still wron

Re:

[sexconker]

The terms do not exclude tethering.
The terms do not mention tethering.
At. All.

Yeah, I don't use NTP on my PC at all anyway dude.
(I may have it set on my router...)

You keep assuming things with no basis.

If they don't want me as a customer, that's fine.

But the point is there is no difference, they can't tell, they don't know what applications I run on my phone, and they have no legitimate reason to sell tethering service on top of an unlimited plan that is already sold as unlimited @ 3G speeds.

Re:

[vux984]

The terms do not exclude tethering.
The terms do not mention tethering.
At. All.

That great then. So what are you bitching about? Apparently you have tethering service. Why exactly do you think you might not?

Yeah, I don't use NTP on my PC at all anyway dude. (I may have it set on my router...) You keep assuming things with no basis.

I'm not assuming you use ntp, I'm merely showing you an example of how you might detect that tethering is going on. The fact that this specific example doesn't apply to you doesn't

Re:

[sexconker]

I do not have tethering service dip shit.
Here's what my contract (effectively) says:

Unlimited nation-wide internet access.

I got my fucking plan before anyone started bitching about tethering.

Re:

[vux984]

I got my fucking plan before anyone started bitching about tethering.

And....?

You think you can tether, right? And you have vigorously asserted that they haven't ever said anywhere that you can't. That its not excluded in your contract, in your rate plan, or in any other agreement you have with them.

So have they actually ever said ANYWHERE that =YOU= can't tether?

So seriously, what are you on about?

Re:

[sexconker]

You don't get to look at once clause and ignore the rest. Read the whole contract. I'll bet it also says "no tethering". Or perhaps it simply says you aren't allowed to modify the firmware of your handset which is programmed to disable tethering. Either way, one way or another, you are outside the rules of your contract.

You assumed a lot of shit about me not being allowed contractually to tether.

You're the one who's going on about it.
I'm saying the contract has no bearing on tethering at all, not can AT

Re:

[sexconker]

LOLWUT.

CELLPHONE - CELLNETWORK
PC - CELLPHONE - CELLNETWORK

AT&T runs the cell network, they can see my phone.
AT&T can't see my PC. All AT&T can see is that my phone is talking to the internet, as it usually does. What, are they going to spy on my traffic and see if I'm doing stuff that is usually a PC thing? That's highly illegal.

Re:

[Kartoffel]

As opposed to mildly illegal?

Re:I am disappointed!

[vux984]

Download caps and the price per GB we pay far exceed their costs.

for what its worth, cellular networks -- the topic at hand, are a completely different ballgame vs broadband. A few dozen people streaming movies can saturate a cell site that can normally support thousands of voice calls.

Re:

[mario_grgic]

Tethering does not work for me. I get a message to contact Rogers about tethering on my iPhone when I try to enable it in the network settings.

Don't fret

[Xocet_00]

Originally I was getting this message as well, which is why I called them in the first place. The techs told me that they were enabling the feature gradually (pushing some sort of update to the phone?) and that it would be available nationwide tomorrow (Friday).

Re:

[dimeglio]

They also allow it on the BB storm.

Re:

[mini me]

Rogers have allowed tethering up until this point. They are taking it away at the end of year though.

Re:I am disappointed!

[Nixoloco]

If you have AT&T in the US, you can enable tethering and MMS without jailbreaking. It is pretty convoluted process, but it works. This isn't Apple's fault though, but AT&T's.
http://www.krillr.com/blog/3DPQHBZ3/i-have-tethering-and-mms-on-my-iphone-and-yes-im-on-att [krillr.com]

Re:

[thePowerOfGrayskull]

Just be careful - actually doing so and getting caught at it is a violation of your TOS.

Re:I am disappointed!

[sexconker]

What are they going to do? Stop taking your money every month?

Re:

[jo42]

They'll use it as an excuse to take even more of your money every month. Don't want that now, do we?

Re:

[L4t3r4lu5]

No, they'll start charging you for data as though you were on a regular data tariff and not super-unlimited iPhone Special tariff, wait three months as you rack up $6000 in mobile data charges, then sue you for breach of contract.

You're talking about an entity very good at writing contracts so they hold all of the cards. A "Enabling features not supported by AT&T can result in extra mobile data charges." clause would be very easy to support in court.

Re:

[sexconker]

No it wouldn't.

I can show that those features ARE supported by AT&T on other phones and to other customers, with no additional charges.

AT&T has N O T H I N G to do with the enabling of tethering. There is no difference on AT&T's end whether or not my phone is pulling data for itself or is pulling data for a PC. This is a feature of the PHONE.

AT&T would have to prove that they have any involvement with the feature at all. I could demonstrate in court my phone browsing the web by itself,

Re:

[jabithew]

O2 in the UK allow tethering, for some crazy amount of money extra.

I am NOT disappointed!

[Eggz Factor]

If you have a data plan of 1 gig per month or better, tethering data comes out of your regular monthly allowance - no extra charge. I must say that this was a pleasant surprise. The fine print in the agreement is that Rogers / Fido may rethink the current arrangement in the new year after assessing the actual hit to the network that tethering may or may not incur.

Fingers crossed...

Re:

[someonehasmyname]

Dude, just jailbreak, already. How can you be a /. member and resist the urge to pwn your phone?

Jailbreaking doesn't void anything. I bought a 3G 2 weeks before the 'new model' was 'leaked', and broke it within an hour. Then 2 days before my 30 day 'tryout' was over, I backed it all up, restored it to default non-jailbroken firmware, and returned it 'because it sucked'. Then I went back to the store to preorder the day the 3GS was announced.

My 3GS will be here in a few days, and it gets broken immediately

Re:

[Henk Poley]

Go here on your iPhone: http://help.benm.at/ [help.benm.at]

It will show you how to enable tethering.

Re:

[scorp1us]

And before anyone points out that iPhone 3G didn't have compass built into the hardware - It is supposed to be apple! I expect nothing sort of miracles from Steve Jobs!!

Why not use the difference of GPS coordinates to determine the last direction walked and use that to orient your google maps/compass?

Re:

[venicebeach]

You could be walking backwards.

Re:I am disappointed!

[mdwh2]

Phone companies are the scum that are only slightly worse than the music industry.

Certain companies with certain phones may well be. My phone Just Works on tethering and other things without the need to jailbreak anything :) (I didn't even know it had a special name like "tethering" to be honest - I just thought it was something that worked as standard out of the box with any phone. There's nothing special about my phone, it's just a commonly available cheap bog-standard one.)

Re:I am disappointed!

[PopeRatzo]

Frankly I don't know what all the hoopla about iPhone OS 3.0 is about.

With the release of 3.0, Apple has once again revolutionized the entire realm of interpersonal communications using technology and have put the rest of the computer industry on notice that things are transformed forever.

Their accomplishment?

Patches.

I'm telling you, the iPhone is the Chuck Norris of high-tech fashion accessories. Everything that Apple does in regards to the iPhone is "revolutionary", "game-changing", and "transformative".

Patches...

Re:

[PopeRatzo]

You don't find 3rd party hardware control compelling?

Jesus...

Re:

[RedWizzard]

On a serious note, tethering was supposed to be there without the need to jailbreak your phone, but it is not available in US, and it is not available in Germany. Could someone tell me where it is available? Phone companies are the scum that are only slightly worse than the music industry.

Works in NZ. Very nice via Bluetooth!

Re:

[uglyduckling]

Tethering is available in the UK, but you have to pay a 'bolt-on' fee [o2.co.uk] which is only a penny cheaper than their most expensive pay monthly (=no contract) USB dongle, even though the monthly contract includes 'unlimited internet'. Nice of them to support their loyal customers like that.

Well that's just fantastic

[keeegan]

But when are they going to patch these security flaws on my 2.1 ipod? Paying for an update is ridiculous, especially when it fixes critical security flaws. I sure hope apple does the right thing.

Re:

[Captain Splendid]

Paying for an update is ridiculous

If you feel that strongly about it, go torrent the firmware. Not that hard to do.

I sure hope apple does the right thing.

You must be new here.

Re:

[hitmark]

or:

1. install a different firmware, maybe one that can play more formats...

2. get a different player that either provide firmwares for free, or allow the community to have a hand in the maintenance...

Re:

[Hel Toupee]

I have a first generation iPod Touch. It says on the back of the box that software bugfixes are free for life. I'd post a link to google images, but noone's managed to get a picture of the back of the box, go figure.

Re:

[njfuzzy]

It's entirely possible that an updated 2.X version will come out, later, incorporating fixes. Apple often does that with the Mac OS. (I'm not sure why you're expecting backpatches to be instantaneous.)

Re:

[Captain Splendid]

Why is this modded troll? As a first gen ipod touch user, I was thinking the same thing - some sort of 2.2.2 firmware update for the bugs only in a few weeks from now.

Re:

[Richard_at_work]

I have a first generation iPod Touch as well, and I can state for a fact that the box says no such thing.

Re:Well that's just fantastic

[Anonymous Coward]

Go ahead and search Google for the following string, it contains the patches you requested: iPod2,1_3.0_7A341_Restore.ipsw

Re:

[Anonymous Coward]

iPod1,1_3.0_7A341_Restore.ipsw for a first generation

Re:

[zaajats]

But when are they going to patch these security flaws on my 2.1 ipod? Paying for an update is ridiculous, especially when it fixes critical security flaws. I sure hope apple does the right thing.

Sure, paying for a security update alone is a bit strange, but really — it's only $10 and gives you so much more. Besides, it's not like your iPod has been taken over by viruses due to the bugs.

Re:

[tyrione]

You must be a Maddog 20/20 kinda guy.

Re:

[keeegan]

No, I just "thought" they wouldn't leave me hanging when there were fixes for serious security flaws.

Re:

[Crizp]

Well, you see, there's this update available...

Re:

[Just Some Guy]

You knew when you bought it that you'd have to pay for upgrades.

I certainly didn't know I'd be paying for updates that other people are getting for free.

Re:

[zaajats]

The upgrade to 3.0 is free.

not for iPod touches.

Re:

[L4t3r4lu5]

I was looking at purchasing an iPod Touch, actually. They look like very powerful devices.

Now I'm looking at keeping my Sanza Fuze and Nokia E51. Apple can get fucked.

Re:

[zaajats]

Now I'm looking at keeping my Sanza Fuze and Nokia E51. Apple can get fucked.

Your Fuze gets feature-rich updates often?

Point being — I find it somewhat strange that when Apple charges for an update, it's somehow worse than the competitors who don't offer any of the features, free or otherwise.

Re:

[L4t3r4lu5]

My Fuze is a media player, my phone is everything else. I can download apps for it from many Symbian [symbian-freeware.com] freeware [allaboutsymbian.com] repositories [free-symbian.eu] and all I lose is touchscreen and motion sensing.

It was for the convenience of one device, and because it would allow me to drop a mobile tariff for a VoIP application, which I was going to get an iPod Touch, but I disagree with paying for security updates on a fundamental level.

Re:

[Ilgaz]

E51 should be able to do the real internet telephony (standard one) natively and Skype etc. with Fring like applications. It should even have VPN built in.

Also you should be able to update your firmware (OS) natively via 'Nokia Software Updater' from Nokia.com. It needs Windows. Or, if you are lucky your phone can update itself. It is not like old times, Nokia keeps updating things even weekly in some cases. Of course, backup to memory card first.

Consider iPod touch a nice, mobile iTunes shell/media player

Re:

[Ilgaz]

Guy doesn't want features, he wants security fixes. Same major version. Like the ones OS X 10.4.11 (thankfully) gets.

Those bugs fixed are real, can be demoed on regular links and web pages. They are putting their customers to both security and financial risks by no releasing a 2.x secure version.

They are also killing the small reputation they have in business, enterprise with this attitude but it is a long story.

Re:

[mini me]

What I wonder is: How can Apple distribute the Remote application for free? It is an additional feature that was not provided with the original sale. There is no technical difference between downloading Remote through iTunes and downloading iPhone OS 3.0 through iTunes.

I see no problem with Apple charging for the update if they want to charge for it. But the SOX reasoning doesn't seem to make sense when they clearly provide additional features for free already.

Re:

[RudeIota]

What I wonder is: How can Apple distribute the Remote application for free? It is an additional feature that was not provided with the original sale. There is no technical difference between downloading Remote through iTunes and downloading iPhone OS 3.0 through iTunes.

In the case of not charging for Apple Remote: Arguably, Apple DID charge iPod customers for it -- $10 for the 2.0 update. The 2.0 firmware actually introduced the App Store itself, which means Remote is conceivably covered under that $10 fee.

I think... Somewhere... somehow... someone makes the decision as to whether it's a feature 'worthy' of a new product or not. Enabling hardware features seem to be presumed as such, but occasionally software counts too (Think: App Store, which provides far more value th

Re:

[Just Some Guy]

I know... this doesn't change the fact they charge for iPod firmware updates -- and Apple's reasoning is certainly open to well-deserved criticism -- but they lay the blame squarely on the Sarbanes-Oxley act.

That's bullshit. I bought iTouch OS 3.0 for $10 and assure you that it's not a bigger update than any of MS's service packs, or even their own OS X point upgrades. Every OS company - including Apple - somehow manages to give away upgrades, but they're claiming the government made this one illegal? Nope. Apple wanted extra cash and they charged for it, pure and simple. If they'd said something like "we're offering it for free to our premium customers", I think there would've been a lot less anger over i

Hacking Safari?

[Itninja]

Maybe I am missing something, but the article linked in the summary (about Pwn2Own's prize for hacking Safari) appears to be about someone hacking IE, not Safari.

Re:Hacking Safari?

[gEvil (beta)]

It helps to move on to page 2 of the article.

Re:Hacking Safari?

[Em Ellel]

Yes, you are missing the part where you should read the article

From TFA:

IE8 wasn't the only browser Nils hacked yesterday. After he took down IE8, he moved on to Apple Inc.'s Safari and Mozilla Corp.'s Firefox, both of which he successfully exploited with attack code he had created earlier. His total for the afternoon: $15,000 in cash from TippingPoint, and the Sony laptop

Re:

[hattig]

"created earlier"

That's hardly in the spirit of the competition, in my opinion.

Anyway, good that Apple has fixed the bugs. Bad that iPod Touch users have to pay to get the bug fixes.

Re:

[slyn]

Every hack in the competition was created early, and it was allowed within the rules to do so.

This made all the sensationalist "MAC CRACKED IN SECONDS" news/blogspam all the more annoying, and the _real_ news all the more painful. The real news was that the Safari exploit that the one dude used to win the Macbook Air had been around since the competition the year prior, and that he chose to save his exploit for the next years competition, and it wasn't fixed before he was able to use it for the CanSecWest 1

Re:

[hattig]

Oh dear, that's not a very good show, Apple. Then again I've thought their security update policy is quite lacking in urgency, even when they are notified of a hole.

Re:

[pv2b]

To give you an idea about how slow Apple are about patching security holes, and to add another data point to the description:

I reported the security issue known as CVE-2009-1697 (which is included in this large patch release). The e-mail back from Apple confirming receiving my report of this issue is dated January 7, 2009 in my e-mail inbox. That's about half a year ago.

Now, granted the security bug I reported is actually very difficult to exploit and do anything actually useful with. Basically, if you used

Re:

[Ilgaz]

If people started to use 'Webkit version xxxx.xx' already, it would be better.

I hate Apple apologizers too but people miss one fact, Safari is a shell for a Webkit with minor changes at Apple's side. Webkit isn't just 'Safari engine' anymore, it is a huge player both in browsers, multiple operating systems and even core renderer of offline/online apps.

Just on major players scene, Webkit powers Qt 4.x from Trolltech, Google Chrome, Nokia S60/S40 browser (the company sells 10 M phones in weekend) and Adobe Ai

Update the iPhone as often as Leopard

[jskoda]

I wonder why the iPhone doesn't see more patches and updates. If the iPhone OS is a branch of Mac OS why isn't the phone patches as much as the desktop OS? Do Windows Mobile machines patch every Tuesday? I never updated my CrackBerry. Perhaps Apple doesn't want the iPhone to appear to need patches more often than it's competitors.

Re:

[DragonWriter]

If the iPhone OS is a branch of Mac OS why isn't the phone patches as much as the desktop OS?

Probably because its a branch that is stripped down and on which less can be done, producing less opportunity for vulnerabilities.

It's patched about as often.

[SuperKendall]

If you think about it, while they don't happen at exactly the same time OS X does see about as many patches issued as the iPhone.

One thing throwing you off is that the newer Leopard has taken longer to come out with newer iPhone OS versions (like 1.x to 2.x).

They do, of course, share the same base OS but tend to sort of leapfrog each other a little as to versions of components used.

Security for $10?

[cant_get_a_good_nick]

I have an iPod touch, i was wondering if it was worth it to upgrade. I also wonder if these Safari bugs will be fixed in a 2.x update. Sucks to have to pay $10 to be secure.

  Although if i don't, it's easier to pWn and run cydia on it I guess.

Re:

[grocer]

Well, it does add copy/paste (finally), landscape keyboard in Notes & Mail, global search, and nifty controls to Podcasts (30 sec skip, 2x/.5x/1x playback, e-mail button)...plus Push for apps to run in the background. I'm satisfied with the upgrade on my 1G...but still annoyed I had to pay all 10 bucks when I don't get bluetooth headphone support (that's 2G only).

You were just given security for life

[SuperKendall]

I have an iPod touch, i was wondering if it was worth it to upgrade.

Probably for some of the improvements playing media, you should check a number of the lists and see if anything appeals. Also a number of new apps are going to take advantage of 3.0 and you'll quickly find you would like to upgrade.

I also wonder if these Safari bugs will be fixed in a 2.x update. Sucks to have to pay $10 to be secure

But that's the beauty of a system where a large majority (80%+) upgrades to new OS. You may have security

Re:

[cant_get_a_good_nick]

And the USB wall warts are insanely expensive - about $30. Granted, they don't stop you from buying it elsewhere, and they are just taking advantage of people willing to spend that on an Apple branded product, but does Steve need new turtlenecks that badly?

Re:

[stewbacca]

$30 counts as insanely expensive these days???

Kiss Pay-As-You-Go "Good-bye"

[ackthpt]

GoPhone subscribers warned the upgrade will be the end of the service. [mobiletechreview.com]

AT&T Narrows Prepaid Plan Options [pcworld.com]

"AT&T currently offers two types of prepaid plans: GoPhone, its "pay as you go" plan, and Pick Your Plan, its "prepay once a month" plan. AT&T's statement says that GoPhone will not be available for either original iPhones or iPhone 3Gs; Pick Your Plan will only continue to work for existing subscribers using the original iPhone, as long as they have an unlimited data plan. Current Pick Your Plan users who don't have an unlimited data plan will be asked to add one. iPhone 3G users are not eligible for Pick Your Plan.

According to Erica Sadun at TUAW, who's been investigating this issue, all pay-as-you-go users are being strongly encouraged to sign up for a postpaid plan, which includes making a new two-year commitment."

Looks like I'll be waiting a year for the Apple/AT&T agreement to time-out. I'll not do a two year agreement again, ever.

Unlimited Data has actually been gone since Nov

[weston]

AT&T actually discontinued its unlimited prepaid data plan in general back in November. I still have it, because I'm grandfathered in, but my understanding is that there's no new ones.

Still... half my reason for keeping it around has been in case the iPhone became more appealing to me. If they drop prepaid data for the iPhone, I think I'm done with them. I'd guess you can still make it work by unlocking, but if I'm going to have to unlock, there's nothing so compelling about their service that would kee

Re:

[garote]

"AT&T currently offers two types of prepaid plans: GoPhone, its "pay as you go" plan, and Pick Your Plan, ... "

I swear, I misread that as "Pick Your Pain", and did not even pause...

what update?

[wardk]

my iTunes isn't seeing any update from the original 3.0 upgrade yesterday.

Re:

[stewbacca]

I think they actually mean the 3.0 upgrade. Of course, this is slashdot and I wouldn't expect any news about actual features...just security patches.

Only $5000?

[recharged95]

" Nils, walked away with a $5,000 cash prize for hacking Safari at the Pwn2Own challenge."

.

In other news, for at least 3 months, hackers exploiting Nils technique walked away with a few hundred thousand via identity theft, atm fraud, password access, etc...

Re:

[njfuzzy]

Boo. Hoo.

Re:

[ameyer17]

More like "should have been in 1.0" in some cases
Seriously, no copy and paste in 2009?

And it's theoretically possible Apple will release a 2.2.2 firmware for the iPod Touch with backported security fixes.

Re:

[stewbacca]

another one of Apples (not so) subtle schemes to get you using a particular software version whether you like it or not

Or there's the part where the new functionality in the phone requires a new software version to control it? You know, as in, "we couldn't predict the future with iTunes 8.1 to know what it would need for the third-gen iPhone coming out next year".

Re:

[Phroggy]

who says you *have* to use it? i use itunes elusively for iPhone updates. nothing requires you to use the software for mp3s or anything else.

If you're in a corporate environment and don't have Administrator access, you can't install the newest version of iTunes, which means you can't use iTunes for iPhone updates, regardless of whether you want to use it to play music.

Re:

[stewbacca]

How is your stupid corporate IT policy Apple's fault again?