
iOS 12 uses Lua code downloaded from Apple's servers - FBISurveillance
https://twitter.com/_inside/status/1026173832527265792
======
ChrisLTD
It’s nice that Apple isn’t tying this functionality to OS updates. It was
pretty bad a few months back when typing prediction went haywire and we had to
wait weeks for a fix.

Separately, I’m surprised Apple didn’t do this with Swift. I thought one of
the goals of Swift was to be a good language for low level code up to high
level scripting.

~~~
sbjs
One purpose for making Swift was because Objective C is dynamic, and they
thought they could get a speed boost by going fully static. The other is
because they were having a hard time evolving a C-based language because C is
full of plot holes. Swift is meant to be efficient but still allow
abstractions, which C is really bad at. (The best you can get with C is leaky
abstractions.)

This should be dynamic, but it shouldn't be LUA. It should be something like
JSON. Although Lua is sandboxed, so it's safer that way, it is still an easier
and bigger attack vector for hackers than JSON would be.

~~~
wereHamster
Do you really believe that if Apple wrote their own interpreter for their own
custom language that serializes into JSON it would be safer than using one of
the battle-tested LUA implementations?

~~~
sbjs
I was suggesting that they don't have executable code at all, that they use
static configuration. But it may not be possible within their problem domain,
I don't know. I always prefer static solutions until dynamic becomes
necessary.

~~~
crgwbr
Between code signing and sandboxing, this probably isn’t any more dangerous
than the JS that Safari downloads and runs every time you open a webpage.

------
mintplant
The example is interesting (a suggestion to contact the organizer of an event
you're running late to), and supports my suspicion that much of the
"smartness" ascribed to modern devices boils down to lots of hand-crafted
pattern-response rules. Pay no attention to the programmers behind the
curtain.

~~~
dan-robertson
I’m not really sure anyone should be surprised that much of the smartness is
rule-based with maybe a bit of “AI” to help with speech recognition and
fiddling with the words a bit. I think this is good because it tends to lead
to misunderstanding being biased towards not doing anything instead of doing
something particularly wrong. The downside is that the rules never seem to
cope with enough inputs.

My hope is basically that many more rules will be written and they will slowly
move towards handling more general problems as well as a very large variety of
specific cases.

------
currysausage
Looks like the code is not obfuscated and even includes comments. Does anyone
here have the URLs? Might be an interesting read.

------
ppetty
Is the “not obfuscated” part potentially just because the OS is still Beta?
Seems somewhat similar to not encrypting the kernel, from iOS 10
([https://techcrunch.com/2016/06/22/apple-unencrypted-
kernel/](https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/)).

------
stefan_
It's like a WoW addon. They should make the entire UI scriptable and create an
addon store.

~~~
earenndil
They won't do that because they want a consistent look for their devices. If
you jailbreak, though, you can inject code that hooks into random methods and
changes the ui; but that's not officially supported.

------
Jyaif
That's something that Apple forbids app developers from doing (unless the lua
interpreter is running in a webview).

~~~
haney
[https://developer.apple.com/app-
store/review/guidelines/](https://developer.apple.com/app-
store/review/guidelines/)

    
    
      > 2.5.2 Apps should be self-contained in their bundles, 
      > and may not read or write data outside the designated 
      > container area, nor may they download, install, or 
      > execute code which introduces or changes features or 
      > functionality of the app, including other apps. 
    

The wiggle room is in the "introduces or changes features or functionality of
the app" line, they've given themselves vague discretion to reject things that
download _too much_ code, but there are tons of apps that do OTA updates that
haven't been rejected because they aren't changing fundamental
features/functionality.

~~~
nomadluap
Also if there was no wiggle room here, then any app that downloads and
displays webpage content would be in violation due to embedded javascript.

~~~
DerekL
For a long time, downloaded code could only run inside Apple’s WebKit or
JavaScriptCore, but since June 2017, you can use any language and interpreter.
Apparently, almost nobody noticed:
[https://www.theregister.co.uk/2017/06/07/apple_relaxes_devel...](https://www.theregister.co.uk/2017/06/07/apple_relaxes_developer_rules/)

~~~
binomialxenon
It's good that they revised that ridiculous restriction, but I think they
should go further still. It was disingenuous to advertise the iPad as a
"computer replacement" when having an environment for Python coding (widely
used for beginner programming) was essentially banned. There really _should_
be a way to work in even compiled languages on iDevices.

------
sbjs
Wait, am I understanding this right? Apple is doing _exactly_ what they forbid
iOS developers from doing for _years_? Downloading code from the internet and
executing it, in order to make runtime decisions or to allow live upgrades?
That's just hypocritical BS right there. But the comment thread in the tweet
is wrong about it being dangerous. Lua can be sandboxed like any decent VM in
2018. "Danger" isn't the problem.

~~~
xoa
What. Apple has no issues trusting Apple 100% completely, nor do any of their
users. Or more specifically, Apple itself is simply an inseparable part of the
core trust foundation since they control the entire stack of hardware,
firmware and software. You calling this "hypocritical BS" is just nonsense,
it's like acting shocked that Apple doesn't allow any random developer to
issue microcode processor updates even though Apple could. Of course Apple
can, there is no equality there. Apple develops private code and dogfoods it
before making it public. Any platform developer by definition has to do low
level stuff as part of making higher level stuff. This is not difficult.

"Hypocrisy" gets thrown around _way_ too often on the Internet, and if you do
so you are basically always wrong, either because it's not actually hypocrisy
at all (the word is not a synonym for "anything I don't like") or because it's
a meaningless thing to say anyway vs more substantive complaints.

~~~
insidegui
It's also worth noting that the bundle that includes the Lua code is signed
and its signature gets verified by the OS before running.

