
Apple Says a Bug May Grant 'Full Access' To Third-Party Keyboards By Mistake (techcrunch.com) 52

Apple is warning users of a bug in iOS 13 and iPadOS involving third-party keyboards. From a report: In a brief advisory posted Tuesday, the tech giant said the bug impacts third-party keyboards which have the ability to request "full access" permissions. iOS 13 was released last week. Both iOS 13.1 and iPadOS 13.1, the new software version for iPads, are out today. Third-party keyboards can either run as standalone, or with "full access" they can talk to other apps or get internet access for additional features, like spell check. But "full access" also allows the keyboard maker to capture to its servers keystroke data or anything you type -- like emails, messages or passwords. This bug, however, may allow third-party keyboards to gain full access permissions -- even if it was not approved.
  • by Viol8 ( 599362 ) on Wednesday September 25, 2019 @06:25AM (#59233230) Homepage

    A keyboard should be just that - a keyboard, nothing more. Once linked it should be a purely one way data stream from keyboard -> device via a single interface (other than low level bluetooth protocol data). There should be no need and no possibility of the processor inside the keyboard being able to access any kind of networking stack or other functionality in the OS whatsoever. Whoever thought it should and "full access" was a smart idea should be booted out on their arse.

    • Re: (Score:3, Insightful)

      by geekmux ( 1040042 )

      A keyboard should be just that - a keyboard, nothing more. Once linked it should be a purely one way data stream from keyboard -> device via a single interface (other than low level bluetooth protocol data). There should be no need and no possibility of the processor inside the keyboard being able to access any kind of networking stack or other functionality in the OS whatsoever. Whoever thought it should and "full access" was a smart idea should be booted out on their arse.

      Yeah, keyboards should be *just* keyboards, but people should also know how to spell without needing a cloud-based spell checker every damn time, which catering to the lazy class created this problem. Perhaps the true design flaw was not educating people on how to fucking spell.

      Cars aren't just engines, transmissions and wheels anymore. Phones aren't just handsets, ringers, and a dial tone anymore. The fucking light bulb isn't even *just* a light bulb anymore. Good luck with that 19th century argument

      • by Viol8 ( 599362 )

        Wish I had mod points.

      • by GuB-42 ( 2483988 )

        Yeah, keyboards should be *just* keyboards, but people should also know how to spell without needing a cloud-based spell checker every damn time, which catering to the lazy class created this problem. Perhaps the true design flaw was not educating people on how to fucking spell.

        Why should I make efforts when a machine can do it for me? That's the reason we have machines in the first place.
        And spelling isn't the reason why we have predictive keyboards. It is to compensate for smartphones being terrible input devices for English text, mostly because of their size. In the same way, QWERTY keyboards are terrible for writing Japanese text, and they solved the problem the same way: by using personalized predictions. The "cloud" part is just an improvement, to lessen the time it takes be

        • by Viol8 ( 599362 )

          "QWERTY keyboards are terrible for writing Japanese text"

          That's because it's not text, it's pictograms. Perhaps it's time for them and the Chinese to drag their writing systems out of the stone age.

          • by Rhipf ( 525263 )

            You realize that all written language is just "pictograms". It doesn't really matter if the individual character represents a single sound or a whole word (by the way Japanese is a logographic style of writing not a pictogram).

            text noun
            \ tekst
            \
            Definition of text

            (Entry 1 of 2)
            1a(1) : the original words and form of a written or printed work
            (2) : an edited or emended copy of an original work
            b : a work containing such text
            2a : the main body of printed or written matter on a page
            b : the principal part of a book exclusive of front and back matter
            c : the printed score of a musical composition
            3a(1) : a verse or passage of Scripture chosen especially for the subject of a sermon or for authoritative support (as for a doctrine)
            (2) : a passage from an authoritative source providing an introduction or basis (as for a speech)
            b : a source of information or authority
            4 : theme, topic
            5a : the words of something (such as a poem) set to music
            b : matter chiefly in the form of words or symbols that is treated as data for processing by computerized equipment text-editing software
            6 : a type suitable for printing running text
            7 : textbook
            8a : something (such as a story or movie) considered as an object to be examined, explicated, or deconstructed
            b : something likened to a text the surfaces of daily life are texts to be explicated— Michiko Kakutani
            9 : frame of reference sense 2 updated to fit the women's lib text for consciousness raising— Judith Crist
            10 : text message sent a text with the details

            https://www.merriam-webster.co... [merriam-webster.com]

            I don't see anywhere in there that Japanese written characters would fail to be part of a text. It is also from the 5th century (CE) so has already come out of the stone age (approx. 1250BC for Chinese).

            • by Viol8 ( 599362 )

              " It doesn't really matter if the individual character represents a single sound or a whole word"

              Yes, it really does because it's far easier to learn thousands of words made up of a different set of letters than it is to learn thousands of pictures. Therefore pictographic languages have a much simpler grammatical structure - or none at all - and so a lot of information has to be inferred and pictures tend not to lend themselves to abstract concepts. Eg: good luck writing the future perfect continuous tense in

              • by Rhipf ( 525263 )

                You missed the point. There are no pictographic languages in common use (again Japanese is a logographic language not pictographic). The only current language that is slightly pictographic is Chinese (and even that has very few actual pictographic characters).

                It is also interesting that you quoted me out of context to bring up a totally different argument to what I was replying to. Your original post didn't say that Japanese was harder to learn than English just that it isn't text (which it is) and that th

        • Why should I make efforts when a machine can do it for me?

          Ummmm, to prevent shit like this from happening?

          Machines are great when they work for us, not so much when they become stupid-dangerous to use, as this craptastic keyboard appears to be.

      • Oh ye pack of luddites, how fundamentally wrong ye be.

        The job of computing is to do things for us, not the other way around.

        • Oh ye pack of luddites, how fundamentally wrong ye be.

          The job of computing is to do things for us, not the other way around.

          The job of computers is to assist and enhance our lives.

          Believe me you'll know when the job of computers is to do things for us. You'll be standing outside the building with the rest of the unemployable, waiting for your UBI check.

      • "Good luck with that 19th century argument against today's consumers and the products we're forced to build for them."

        Forced? They held a gun to your head and forced you? I don't think so.

        This was not "forced". It was just some really stupid fuckers really bad idea implemented without thought of the consequences. There is A LOT of that going on. Consumers, if anything, would like to FORCE you stupid fuckers with the really bad ideas to just fuck off and die. Unfortunately, consumers cannot FORCE anythi

      • While spelling is part of the problem, a significant second issue is the miserable ergonomics and key placement of these small keyboards. I use mostly Apple keyboards, and they are quite miserable for an old-school touch typist. (I have long fingers so my “home” buttons are awef jio; which exacerbates the problem.)

      • Yeah, keyboards should be *just* keyboards, but people should also know how to spell without needing a cloud-based spell checker every damn time, which catering to the lazy class created this problem. Perhaps the true design flaw was not educating people on how to fucking spell.

        I can spell, but I can't type with perfect accuracy on the tiny pictures of keyboards phones display, especially when I'm in the middle of doing other things at the same time - so the autocorrect stuff really helps. Without the autocorrect stuff, typing on the phone would be less convenient, slower and require much more focus than now. It wouldn't be any different if I couldn't spell, really. Feel free to switch it off if you don't like it.

        Also, this only affects third party keyboards, and once the swipe-to

    • The problem is that in 2019, some people think Grammarly is a brilliant idea.
      So, you end up with input methods that basically are glorified key-loggers.

      (whereas I'm more likely to use LanguageTool. Also a server-based grammar checker, except you have the option to run the server locally, no internet needed)

      • fake news. people still write goodly despite negative press covfefe.
      • The problem is that in 2019, some people think Grammarly is a brilliant idea.

        Grammarly is a useful proofing tool and it's fine for that use. It's not going to make you write gooder.

        • Exactly. It's useful for those who know how to spell and possess the grammar skills of someone who made it past elementary school. Having it to catch little mistakes, which invariably happen on a small keyboard or while texting and driving is a useful feature. But, for many, Grammarly only reinforces poor writing habits.

          • But, for many, Grammarly only reinforces poor writing habits.

            Overall I find it useful as a way to catch the little things I might have missed- a space before a period, terms that could conceivably be hyphenated, missing articles, etc.

            What annoys me about it is that it will frequently call out a 'mistake' that's not really a mistake. Sometimes it gets confused with plurals, and convoluted sentences will occasionally confound it. It also thinks that "ZIP Code" should be "Zip code" or "zipcode" and no amount of correcting it seems to lodge in its brain.

            My manager: "But

        • Grammarly is a useful proofing tool and it's fine for that use.

          No, it's not fine.

          I'm not against proof reading in general.
          I'm saying that the current most popular tool, Grammarly, is a bad tool, because the only way to use it is by contacting somebody else's server somewhere on the internet [grammarly.com].

          Hence "glorified key-logger".

          As opposed to tools such as LanguageTool that you can install locally [languagetool.org] and thus use without your text ever leaving your computer.

          • I understand your concern, but "contacting somebody else's server somewhere on the internet" is how 90% of shit works these days. I'm not saying it's a good thing, just that it's a thing.

            If I was writing classified material I'd avoid Grammarly, but I really don't care if they 'steal' my secret blueberry pie recipe or the pointless junk I write for my employer.

            I'll have a look at LanguageTool and see if it looks like it would work for me, but their character limits may be a problem. 20,000 characters isn't v

    • This was before keyboards became way more than just that. You have cardreaders in them, they come with programmable keys and macro functionality, some have some sort of touchpad and you have to cater to all those things as a manufacturer of an OS. Twice so if your hardware is more a fashion statement rather than requiring actual usability to sell, where having some sort of gimmick to spice up your "mundane" hardware is pretty much paramount.

      I'm fairly sure the engineers at Apple are just as pissed about it

    • There should be no need and no possibility of the processor inside the keyboard being able to access any kind of networking stack or other functionality in the OS whatsoever.

      This is very rude and politically incorrect, think of the keyboards please!

      My toaster and my fridge can access the net whenever they want and my fridge even orders milk by itself!

    • by guruevi ( 827432 )

      This is not about a physical keyboard but an on-screen keyboard. You can replace those with custom ones such as more similar to Android 'swipe' keyboards or other ones for blind people etc.

      Those keyboards are just 'apps', which can be integrated with 'cloud' services for whatever reason (spell check, suggestions, self-aware AI to write your essays etc)

  • Maybe the summary should have emphasised that this issue is about software keyboards on the touch screen, not about connecting physical keyboards not made by Apple over Bluetooth or over USB with a dongle.

    Otherwise, it would have been nice if the iPad's keyboard connector on the edge had been completely open to third parties and hobbyists, so that third-party keyboards wouldn't need cables or internal batteries.
    The "Smart Keyboard" that they are trying to sell for $159 to $199 is atrocious: at any price I f

    • by Viol8 ( 599362 ) on Wednesday September 25, 2019 @06:39AM (#59233276) Homepage

      Apple stopped being a manufacturer of well made - if overpriced - kit when Steve Jobs died and has turned into a hawker of absurdly priced poorly built crap under the watch of Cook. But can you blame him when there are so many suckers out there willing to part with their money just for a naff brand logo? Eventually said suckers might wise up but I won't hold my breath.

      • Part of the Apple value proposition was "it just worked". Another part was Apple's direct relationship with the consumer of its goods, ignoring all else but that consumer.

        This meant arduous testing on a limited set of platforms made by Apple, so that regression testing could be done-- not the mindless world+dog turf that Microsoft must deal with.

        Apple screwed that up, too. Once majestic with a huge cult-like fan club, the pinnacle of getting-it-right now becomes just another Walmart, Spotify, and also-ran.

        • Part of the Apple value proposition was "it just worked".

          Yep, and that was marketing at its finest considering the whole "it just worked" thing was pure bullshit.

          I know far too many people who spent days tearing their hair out trying to resolve problems with the "it just works" machine. The OOB experience was great, right up until you pressed the power button and reality took over.

          Was it as bad as getting a PC straightened out or set up? Mostly no, but that whole "it just works" fantasy led lots of people down the rabbit hole with wallet in hand.

          • The Reality Distortion Field was masterful, wasn't it? People blamed themselves for Apple's mistakes. Do you see this same sort of trusting behavior displayed elsewhere in today's news?

            Customer loyalty is part schmoozing, addiction to ecosystems, and boundaries to migrating to other ecosystems. That's marketing.

            In engineering, a gaffe is a gaffe. They admitted it. Like other gaffes in our industry, no one will be fired, demoted, or fall on their swords. The press will create smoke and turbulence, and then a

    • Not only that, but the iPad keyboards are built miserably and start falling apart in no time. Bad design, opportunity lost.

  • QA is dead (Score:4, Insightful)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday September 25, 2019 @06:52AM (#59233304) Homepage Journal

    Remember how much more QA was done back before companies could just issue a patch and expect that everyone would get it?

    It's not just Apple, obviously, although they're the only tech company that really claims to have things that "just work", so they wind up looking like some of the biggest assholes when their products are no better than anyone else's.

    It's obvious that iOS 13 got insufficient QA. Nice work, Apple.

    • by mykepredko ( 40154 ) on Wednesday September 25, 2019 @08:45AM (#59233586) Homepage

      Remember how much more QA was done back before companies could just issue a patch and expect that everyone would get it?

      It sounds like a great time but I can't think of any time that patches or new releases or new versions worked first time and everybody "got it". This is regardless of the company or coders.

      Maybe you can explain what you mean in more detail (with examples)?

      • "Maybe you can explain what you mean in more detail (with examples)?"

        Judging by moderation, you're the only one who doesn't get it.

        But just to be kind even though you're being willfully obtuse, here's an Apple related example for you so you don't think I'm only prejudiced against Apple: system 6.0.7 worked for years with no patches or updates.

    • Remember how much more QA was done back before companies could just issue a patch and expect that everyone would get it?

      No I don't. You don't either. You just think you do because you have rose coloured glasses on.

    • "Remember how much more QA was done back before companies could just issue a patch and expect that everyone would get it?"

      None more QA. Things still sucked from day one, but they used to be stuck that way with no fix forever.

  • And it just works. Fuck Apple
  • How craptastic is your OS when connecting a keyboard can result in "full access" to the system?

    As other people have commented, a keyboard should be a dumb device with no tricky shit that can bypass your security or manipulate the OS into granting access.

  • Not only was iOS always late and buggy compared to Android, but now they will have two OSes to maintain, they will be later and buggier!
