The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
The iPhone Wiki:Community portal
Archives | |
• 2010 • 2011 • 2012 • 2013 • 2014 • 2015 • 2016 • 2017 • |
The iPhone Wiki's SSL
As a security researcher, I have a bad habit of inspecting every SSL certificate I get in my hands, I couldn't ignore the fact that the SSL Certificate used on The iPhone Wiki is provided by CloudFlare (?). If it is, then you guys better buy (with help from some donations maybe?) a Comodo Positive Certificate. Those free certs provided by Cloudflare are shared, and I heard numerous stories about it being simply circumvented or replaced by man in the middle attacks as these certificates only protect a node kinda giving user the false security illusion, but the origin server remains unprotected unless you apply for the Full SSL feature of Cloudflare that requires you to also buy a certificate for the host (if applies).
As you can see, on the FREE certificates, the origin is still not encrypted thus rendering breaches in the system.
This is how Flexible SSL works: [1]
This article worth reading: [2] GeoSn0w (talk) 19:11, 4 August 2016 (UTC)
- You seem to have a misconception about what CloudFlare offers on their plans.
- * All "levels of SSL" (Off, Flexible, Full, Strict) are available on all plans.
- * What is only available to Business and Enterprise plans however, is the option to use your own certificate. Free and Pro plans have no choice.
- That said, it should be easy enough to get a free valid SSL cert from Let's Encrypt to use between your server and CF so that you can switch to Strict SSL - even on a free plan.
- Also, I'm not sure if Saurik has reacted to this already, but I'm neither seeing a CF-issued SSL cert being used on the wiki, nor does theiphonewiki.com resolve to a Cloudflare IP.
- I'm seeing a RapidSSL SHA256 cert that looks like it has been issued on the 3. September 2015, and contains only "theiphonewiki.com" and "www.theiphonewiki.com" as common/alternative name.
- — Siguza (talk) 23:10, 4 August 2016 (UTC)
Strange, I am seeing a CF signed cert for "graham.ns.cloudflare.com". And is also verified and issued by "Avast! WebShield" (this is kinda misleading because it is generated by my Antivirus), but the CF has no sense to show up in my firefox if you say you use RapidSSL. Actually, I know what CF do and how their shared SSL work, as I use CF myself, and trust me, you can't compare your own cert with the one they provide. Shared certs are not actually yours, they will still point to CF... GeoSn0w (talk)
- It sounds like that's your antivirus/security software intercepting your HTTPS traffic. This is generally done with products that contain parental controls to block certain websites from children, but is frowned upon for privacy/security reasons. (For the record, I see the same thing Siguza sees.) --Dialexio (talk) 06:29, 8 August 2016 (UTC)
Actually, I uninstalled the AV just to test, and it still shows the same cert even after browser cleanup.GeoSn0w (talk)
- To what IP does theiphonewiki.com resolve for you? For the record, I get 54.147.18.44. If someone out there has another valid cert for theiphonewiki.com, then that is quite a problem. — Siguza (talk) 13:16, 18 August 2016 (UTC)
- Can confirm the IP address is 54.147.18.44 and I also see the same RapidSSL SHA256 CA - G3 cert being used. MWoolweaver (talk) 23:18, 24 April 2017 (UTC)
iPhone-Elite
I think we should include all this old stuff before it gets lost: code.google.com/p/iphone-elite/. I mean the wiki articles there. Most infos should be already here, but I'm sure a lot of things are missing too. --http 15:02, 26 June 2012 (MDT)
Boot-args cleanup
We need to clean up the boot-args pages. First the technical part: What I understand is that iBoot loads the kernel. And when loading it, it can pass some parameters to select certain behavior. So this only works with an iBoot or bootrom exploit. I understand that in earlier firmware versions there was simply an iBoot variable, but that doesn't exist or work anymore, now passing theses args requires a different or patched iBoot. There are various parameters in different kernel versions. The description for these arguments is scattered over various places:
- Kernel#Boot-Args A section with the latest boot arguments list. This should be a short introduction and having a link "main article".
- Boot-args (iBoot variable) separate page for boot arguments, but mainly for the iBoot variable that doesn't exist any longer
- Boot arguments (redirect)
- Talk:Restore_Mode describing the iBoot variable problem
- Various pages referencing boot-args, like Research: Re-allowing unsigned ramdisks and boot-args with the 2.* iBoot (here we should have a link on the second title)
- My earlier comment Talk:Kernel#boot-args
- This comment here.
So what do we want to do about this mess? I suggest to move the current Kernel content to the redirect page Boot arguments (or to another new page, maybe boot-args). The current content of Boot-args (iBoot variable) and all other content should get merged into there. Then change all references to this new page and on the Kernel page write just something short with "main article there". What do you think? --http (talk) 21:31, 13 February 2013 (UTC)
- I like Boot Arguments. --5urd (talk) 02:01, 14 February 2013 (UTC)
Easy tasks for new editors
- Finish converting the remaining error codes listed here MobileDevice_Library#Known_Error_Codes into the proper mach_return_t codes they should be displayed as. (convert the negative number listed into hex, strip any leading "FF" so it should be in the format "0xe80000" followed by two numbers) --Dirkg (talk) 22:40, 28 August 2013 (UTC)
Email notifications?
Is it possible to get emailed when a watchlist page changes? I'd love that feature. This looks relevant. --beej (talk) 08:02, 27 June 2014 (UTC)
Mobile Stylesheet
I was thinking recently, if geohot agrees to accept it, that I could make a mobile.css file in order to attempt to make a few changes to the site on mobile. This would make it so that it would not be so ugly and if possible, the text might be easier to read. What would everyone think about this? For one thing, I'd like to mobile the "Log out" off the black part of the screen and put it near the "Contributions" button or thereabout. --iAdam1n (talk) 10:37, 7 January 2015 (UTC)
- Instead of a mobile stylesheet to hack up the skin more (like the
ios6
andios7
skins do), I would create a whole new skin. I could write the PHP and JavaScript, and you can write the CSS. --5urd (talk) 17:04, 7 January 2015 (UTC)- If you mean a skin just for mobile, that would be ok but not sure how you could make it selectable with a mobile device but not on desktop. If you could do this, it could work but personally I think a mobile.css would be easier since it has to be previewed in the iOS simulator (that's the way I do it). I couldn't say I'd edit a page without being an admin (unless it's made that I could). --iAdam1n (talk) 17:35, 7 January 2015 (UTC)
- I was going to mention that MediaWiki includes a sorta-mobile theme called Chick, but it seems that's long gone. MW's changed a lot since I used it, but the way it worked was it subclassed MonoBook (so there was no need to duplicate the HTML template) and swapped its CSS for its own (screenshot).
Come to think of it, whoa, I even wrote my own skin called iWiki. Was never updated for MW 1.17, which made breaking changes to the skin API. I probably won't have the time to update it, but maybe someone else could? kirb (talk) 09:01, 8 January 2015 (UTC)
- I think this is a great idea, since this is actually a wiki about mobiles. No idea why it hasn't been done already. — Spydar007 (Talk) 15:17, 8 January 2015 (UTC)
- | There is a mobile pluggin for Media Wiki that will make it look very nice MWoolweaver (talk) 07:22, 1 February 2015 (UTC)
Bite-sized editing tasks
It seems fun to make a list of relatively easy useful edits that new editors can do who are interested in helping, maybe at The iPhone Wiki:Bite-sized editing tasks or a similar page, and link it from the homepage here. I'd include the following as a start:
- Look at the list at Special:LonelyPages and figure out whether some of those pages should be linked within other pages on the wiki, and then go link them.
- Check the links at Useful Links and remove broken/outdated sites and add relevant new sites (but don't spam your own stuff).
- The iOS version table at SHSH should be listed in reverse-chronological order, with newest versions first instead of oldest versions first.
- If you run into a scam site, add it to the table at Scam Jailbreaks and Unlocks.
- If you're reading an article and some part of it is confusing to you, post a message on the "talk" page (click the "Discussion" tab at the top of the article) explaining your question or what you found confusing, so that other editors can use this as a suggestion for improving the article.
Ideas? Opinions? Britta (talk) 09:31, 14 May 2015 (UTC)
How to report problems
I saw people concerned on Twitter about the skin! Like iAdam1n said on Twitter, saurik just got a copy of the settings, images, and database from geohot and put them into a new site with an upgraded version of MediaWiki; he's asking geohot for a copy of the skin files. In general if you see problems or have requests for new extensions or other changes, it's totally fine to post them here and I'll see them and ask saurik to check it out. If something is more immediate and doesn't need discussion (like something missing, major errors, mysterious downtime, etc.), you can PM me or saurik on IRC (his IRC server is best, irc.saurik.com). Maybe good to post here too in those cases (if the site isn't down at the time) so other people know he's been alerted. Britta (talk) 18:44, 14 May 2015 (UTC)
More about how to report more immediate problems (or problems that require some level of privacy, such as a major security issue or "Britta has gone rogue") - if you don't use IRC, emailing me is also fine (britta@saurikit.com). Emailing saurik (saurik@saurik.com) won't be seen as quickly, but if you write a meaningful subject line (like "TheiPhoneWiki is giving error 403 upon login right now" or "Britta is putting glitter sparkle GIFs all over TheiPhoneWiki"), it'll likely be seen. Moving to a new server/admin can have some adjustment bumps but they can be fixed! Britta (talk) 03:03, 15 May 2015 (UTC)
Apple internal content on the Wiki
I want to know what people think about having internal content on the Wiki. Some of the current content definitely needs some cleaning up and general editing. Should we publish information about internal firmwares? And is it okay to upload pictures of prototypes? Feel free to ask more questions. --Srb21103 (talk) 05:08, 18 May 2015 (UTC)
- Looking through The iPhone Wiki:Ground rules, it says "No posting of copyrighted material. Anything that could legally get us in trouble should not be posted, ever." I'm not sure what other precedent here has been. Britta (talk) 10:31, 18 May 2015 (UTC)
JailbreakCon mini-talks
Hi wiki people! I'm working on gathering people to do mini-talks (5-10 minutes) for JailbreakCon in June in San Francisco, and it would be cool to have some more people speaking who contribute to the community in ways other than tweak development. Work other than development is important work too, such as documentation. If anyone who has put some effort into improving TheiPhoneWiki can attend and would like to give a mini talk about working on the wiki, let me know via the contact form on the site. Britta (talk) 00:35, 26 May 2015 (UTC)
File System Crypto
I just added Zdziarski's blog to the wiki (with his permission). I would recommend to take this apart and make multiple sub-articles, like an article for BAGI, another one for Dkey, etc. and on the page File System Crypto itself, just write the overview, similar to what we have on page 16 of the Sogeti document (wasn't there a newer graphic somewhere?) with some short description. --http (talk) 22:11, 9 June 2015 (UTC)
Renaming Factory Firmware?
It's been brought to my attention that we don't really have anywhere on the wiki to document internal builds of iOS. Considering Factory Firmware consists of what are internal builds of iOS (with different software), I'd like to propose renaming it to Internal Firmware, to broaden its scope a little more. Well, either that or create a brand new page for internal builds. What does everyone think about this? --Dialexio (talk) 06:43, 17 April 2016 (UTC)
Amendments to Rule 3.7
I would like to propose some amendments to Section 3.7, "Do not make numerous, consecutive edits." Recently, device renames and page cleanup have been taking place. As of now, I would classify page moves/deletions as edits. In addition to the 50 edits, I wanted to know— how would you feel about adding an additional 10 actions for page deletions? Considering page deletions are an admin-exclusive action, I don't want this amendment to be misconstrued as admin abuse of power. (Yes, us admins are meant to be subject to this rule as well.)
Another amendment I would like to make involves vandalism. Although it hasn't happened on here for quite a while, vandalism can occur on the wiki. As things currently stand, reverting vandalism would technically count as an edit. I don't think that should be the case, so I would like to add some language that does not count reverting vandalism against the edit limits. --Dialexio (talk) 20:03, 22 March 2017 (UTC)
- I was actually planning on making a topic on this after we had finished with the device names cleanup.
- I propose the removal of the rule entirely. This rule is stupid. I have not found any other wiki anywhere that imposes limits on the number of times a person can edit in a day or hour. It's absurd. Wikis are about collaborative editing. There should not be edit limits.
- Whilst I understand that making lots of edits can clog up RecentChanges, this is not a problem when you can change RecentChanges to show the last 2000 edits in the past 90 days. I could make 500 edits in the space of an hour, and this will not be a problem since RecentChanges can show a rather large amount of edits.
- The wiki is not incredibly active; it's the same few people editing. Vandalism is ridiculously unlikely, since everyone has to create an account to edit and that's a silly reason to prevent the number of edits a person can make. The majority of edits these days equate to Firmware and OTA Updates and details on Jailbreak page. These edits often take up more than 20 edits in an hour due to the growing number of devices. The edits to the device names that we are currently doing involve hundreds of edits. To have to watch how many edits we are making and to only be able to do a certain number is just silly. — Spydar007 (Talk) 20:42, 22 March 2017 (UTC)
- The rule was put into place is because the wiki has seen countless instances of "insignificant" edits (i.e. no major content, just adjustments like renaming "iPhone 4 GSM" to "iPhone3,1"), and there were a lot of complaints about this. We're not going down that road again. The main reason other wikis don't have a rule like this is probably because other wikis never deal with floods of edits just to rename one thing on such a frequent basis. On this wiki, a humongous change like this seems to happen every (other) year. (Why? This shouldn't be the case.) The rule stays, but it's open for amendments— we can increase the limit count, for example. --Dialexio (talk) 21:16, 22 March 2017 (UTC)
- I do think we should increase it. I'd propose either 75 or 100 daily edits and 30 major/minor (30 of each that is) per hour. Especially when we have a new firmware release, it is easy to go over 20 edits and if quick enough, could be done within an hour so I do think we should allow for more. I am with Spydar007 partly though as, although I can see why the rule was useful, we don't get enough editors to really cause an issue with this. If that changed, then we could review it. However, it isn't a make or break for me but I do think removing it would be a fairly good idea due to how few people edit this wiki now. I've also always thought that it would be better to fill Recent Changes on one day with big edits like that are currently taking place and then it be over, than do less edits that take a lot longer. --iAdam1n (talk) 10:22, 23 March 2017 (UTC)
- If that's the reason the rule was put in place, then it should definitely be removed. This rule does not prevent those edits from being made; it simply prevents the number of edits that can be made in a given time. With the same few editors, no one is going to be renaming "iPhone 4 GSM" to "iPhone3,1", or anything like that. And again, this rule doesn't prevent those edits from being made. I've never seen a large amount of these "insignificant" edits being made in any of the time I have had an account on this wiki. I'd say this is to do with the changing userbase of the wiki, and not anything else.
- If you absolutely insist that the rule is kept, then it should be changed to allow 50 edits per hour. No daily limits. This allows for plenty of cleanup to be made. Of course, if we start to see people making silly changes, then a nice message on the user's talk page usually suffices, and a general discussion about why the user feels that page or file should be changed or renamed, and not the creation of a rule to allow you to block the user. This rule was added (and from what I can see, with no discussion) on December 12, 2011. I can see no violations of this rule in silly page moves before this date. I simply do not see a need for this rule, and I feel like it hinders the amount of actually constructive edits to the wiki. — Spydar007 (Talk) 11:07, 23 March 2017 (UTC)
- There absolutely was a discussion. It's not meant to prevent these types of changes, as they can be necessary; it's meant to keep the list of changes accessible/readable, since an edit that's either questionable or notable (e.g. information about a new OTA package format) can easily be buried among 94 edits of merely renaming "iPod touch 4G" into "iPod touch (4th generation)." That said, taking the feedback into account, I think raising the limits to 50 major/50 minor edits per hour, with a daily limit of 150 edits would make a fair compromise. (Not having the daily limit would mean that you can actually make up all of the last 2,400 edits in one day. Uh… No.) --Dialexio (talk) 16:17, 23 March 2017 (UTC)
- The rule was put into place is because the wiki has seen countless instances of "insignificant" edits (i.e. no major content, just adjustments like renaming "iPhone 4 GSM" to "iPhone3,1"), and there were a lot of complaints about this. We're not going down that road again. The main reason other wikis don't have a rule like this is probably because other wikis never deal with floods of edits just to rename one thing on such a frequent basis. On this wiki, a humongous change like this seems to happen every (other) year. (Why? This shouldn't be the case.) The rule stays, but it's open for amendments— we can increase the limit count, for example. --Dialexio (talk) 21:16, 22 March 2017 (UTC)
Okay, I think Axi0mX's contributions highlighted something about this rule: if someone dumps a bunch useful information across numerous pages, it can very easily affect them. Contributions like these were not the intended target of the rule, and people shouldn't be punished for trying to share such information. However, we do need a system in place to limit insignificant changes— we do not, and should not, need to rename a key page every two years. I want to propose changing this to allow informative edits, such as the keys Axi0mX shared, while imposing a limit on inconsequential changes.
The following blurb reflects the changes I wish to make, and will be edited as suggestions are implemented. (Emphasis is added to highlight changes, and will not be part of the rule.)
Edits come in all sizes, from adding substantial amounts of firmware keys to fixing links. We welcome the influx of massive amounts of new information, but more minor edits may be viewed as a nuisance, as numerous edits causes the Recent changes to be filled up. In addition to annoying those that subscribe to the Recent changes feed (via Atom or Twitter), this hinders everyone's ability to discover new information and track down any malicious changes.
Therefore, for every hour (resetting at :00), in addition to an unlimited amount of "informative" edits, you may only make 50 major edits and 50 minor edits. For an edit to qualify as "informative," it should provide a significant amount of new information. While not a definitive list, these are examples of edits that should be considered "informative:"
- Adding encryption keys to a key page.
- Adding a paragraph of technical details explaining how an exploit works.
- Disclosing the existence of a prototype with evidence.
These are examples of edits that would not be substantial enough to qualify as "informative:"
- Adding two sentences to a page.
- Adding a picture of Apple's newest iPhone.
- Creating a key page with no keys.
- Creating a page with only a handful of sentences.
- Edits to a user page.
- Formatting changes.
- Renaming a page.
- Typo fixes.
Do not abuse the ability to mark edits as minor to perform additional edits— if your non-minor edits look considerably similar to minor edits you made in the same hour (or vice-versa), this may be considered abuse. In addition, you may make no more than 150 edits per day (resetting at midnight UTC). Any unused number of edits will not "roll over" to the next hour or day. Avoid "clumping" your edits. (e.g.- Do not make 45 edits at 01:58, and then another 45 at 02:01.) Temporary exemptions can be made at the discretion of administrators and/or the community.
This is a rough proposal, but I think this is going in the right direction. Are there any objections/suggestions? --Dialexio (talk) 02:11, 21 July 2017 (UTC)