04-29-2011 03:49 PM
04-29-2011 03:53 PM - edited 04-29-2011 03:54 PM
I have no problem going into the system and looking at other tickets but I can't seem to find yours and even if I manually type the url it still doesn't work. It does work for other tickets though
Actually the latest ticket I see is #182
04-29-2011 04:02 PM
I believe tickets are private by default, so users can submit tickets about confidential issues and not have to worry about non-RIM employees seeing it. It'll probably be made public soon.
04-29-2011 04:15 PM
04-29-2011 04:22 PM
I just have one comment pointed towards Marc_Paradise, it may not really matter anymore at this point, but don't you think it would be wise for you to remove your how-to on how to get the SWF files off the playbook from your post in the Crackberry forums...........
While most (if not all) developers on this forum would refrain unloading someone else's work, that is a public forum where I can tell you first hand, there are many people who will not hesitate.
04-29-2011 04:48 PM
04-29-2011 05:07 PM
Thanks Mark! I'm glad this issue is being treated seriously!
By the way, in all fairness it is indeed true that many platforms have easy ways to extract someone else's code. I suppose a super easy 'hole' to steal code is just something I didn't expect from a company that prides itself on it's security like RIM. That said, some are easy to prevent. On WebOS it's easy because the device can be rooted with no problem. Once on the device you can CD to wherever the apps are and copy them somewhere else. Had it not been possible to root the device this would be a whole lot harder.
In this particular case a first 'patch' should probably be taking apps out of the whole backup routine. Apps can be (re)downloaded from AppWorld after signing in with a BB account since the system knows which apps we purchased. Secondly it would be nice if any thing downloaded from AppWorld would be encrypted so that even in case the user gets to the bar file they still can't access it's contents. It would also be nice if there would be something tied to a specific BB account in the encryption routine. That too will make redistribution harder.
Just some ideas really.
None of these things are perfect and I'm sure they're 'crackable' but at least they will make it less than trivial to steal code.
Staff UI Prototyper (read: full-time hacker)
04-29-2011 08:49 PM
I didn't read the whole thread so if this has been suggested then I apologize, but one thought I had is to use the QNX packages in your initialization code (even if you don't need it, just include it) to trigger a PPSChannel exception, preventing people from throwing it into a browser.
It doesn't protect you from PB->PB copying, but at least you won't lose your work to a browser (or worse, the internal browser!)
If this is silly then I'll just be on my way
04-29-2011 09:13 PM
It's not entirely a silly thought, but as mentioned there are flash decompilers where someone could decompile and remove the offending code then recompile to put in a browser. Won't be able to put it on a PlayBook, but a browser would run it no problem.
From a good portion of the conversation though, a lot of people seem to be more worried about someone getting access to their code moreso than the app itself.