Difference between revisions of "The iPhone Wiki:Community portal"

From The iPhone Wiki
Jump to: navigation, search
(The iPhone Wiki's SSL)
Line 25: Line 25:
Actually, I uninstalled the AV just to test, and it still shows the same cert even after browser cleanup.[[User:GeoSn0w|GeoSn0w]] ([[User talk:GeoSn0w|talk]])
Actually, I uninstalled the AV just to test, and it still shows the same cert even after browser cleanup.[[User:GeoSn0w|GeoSn0w]] ([[User talk:GeoSn0w|talk]])
:To what IP does theiphonewiki.com resolve for you? For the record, I get If someone out there has another valid cert for theiphonewiki.com, then that is quite a problem. — [[User:Siguza|Siguza]] ([[User_talk:Siguza|talk]]) 13:16, 18 August 2016 (UTC)

Revision as of 13:17, 18 August 2016

 • 2010 • 2011 • 2012 • 2013 • 2014 • 2015 • 2016 • 2017 •

The iPhone Wiki's SSL

As a security researcher, I have a bad habit of inspecting every SSL certificate I get in my hands, I couldn't ignore the fact that the SSL Certificate used on The iPhone Wiki is provided by CloudFlare (?). If it is, then you guys better buy (with help from some donations maybe?) a Comodo Positive Certificate. Those free certs provided by Cloudflare are shared, and I heard numerous stories about it being simply circumvented or replaced by man in the middle attacks as these certificates only protect a node kinda giving user the false security illusion, but the origin server remains unprotected unless you apply for the Full SSL feature of Cloudflare that requires you to also buy a certificate for the host (if applies).

As you can see, on the FREE certificates, the origin is still not encrypted thus rendering breaches in the system.

This is how Flexible SSL works: [1]

This article worth reading: [2] GeoSn0w (talk) 19:11, 4 August 2016 (UTC)

You seem to have a misconception about what CloudFlare offers on their plans.
* All "levels of SSL" (Off, Flexible, Full, Strict) are available on all plans.
* What is only available to Business and Enterprise plans however, is the option to use your own certificate. Free and Pro plans have no choice.
That said, it should be easy enough to get a free valid SSL cert from Let's Encrypt to use between your server and CF so that you can switch to Strict SSL - even on a free plan.
Also, I'm not sure if Saurik has reacted to this already, but I'm neither seeing a CF-issued SSL cert being used on the wiki, nor does theiphonewiki.com resolve to a Cloudflare IP.
I'm seeing a RapidSSL SHA256 cert that looks like it has been issued on the 3. September 2015, and contains only "theiphonewiki.com" and "www.theiphonewiki.com" as common/alternative name.
Siguza (talk) 23:10, 4 August 2016 (UTC)

Strange, I am seeing a CF signed cert for "graham.ns.cloudflare.com". And is also verified and issued by "Avast! WebShield" (this is kinda misleading because it is generated by my Antivirus), but the CF has no sense to show up in my firefox if you say you use RapidSSL. Actually, I know what CF do and how their shared SSL work, as I use CF myself, and trust me, you can't compare your own cert with the one they provide. Shared certs are not actually yours, they will still point to CF... GeoSn0w (talk)

It sounds like that's your antivirus/security software intercepting your HTTPS traffic. This is generally done with products that contain parental controls to block certain websites from children, but is frowned upon for privacy/security reasons. (For the record, I see the same thing Siguza sees.) --Dialexio (talk) 06:29, 8 August 2016 (UTC)

Actually, I uninstalled the AV just to test, and it still shows the same cert even after browser cleanup.GeoSn0w (talk)

To what IP does theiphonewiki.com resolve for you? For the record, I get If someone out there has another valid cert for theiphonewiki.com, then that is quite a problem. — Siguza (talk) 13:16, 18 August 2016 (UTC)


I think we should include all this old stuff before it gets lost: code.google.com/p/iphone-elite/. I mean the wiki articles there. Most infos should be already here, but I'm sure a lot of things are missing too. --http 15:02, 26 June 2012 (MDT)

Boot-args cleanup

We need to clean up the boot-args pages. First the technical part: What I understand is that iBoot loads the kernel. And when loading it, it can pass some parameters to select certain behavior. So this only works with an iBoot or bootrom exploit. I understand that in earlier firmware versions there was simply an iBoot variable, but that doesn't exist or work anymore, now passing theses args requires a different or patched iBoot. There are various parameters in different kernel versions. The description for these arguments is scattered over various places:

So what do we want to do about this mess? I suggest to move the current Kernel content to the redirect page Boot arguments (or to another new page, maybe boot-args). The current content of Boot-args (iBoot variable) and all other content should get merged into there. Then change all references to this new page and on the Kernel page write just something short with "main article there". What do you think? --http (talk) 21:31, 13 February 2013 (UTC)

I like Boot Arguments. --5urd (talk) 02:01, 14 February 2013 (UTC)
One addition: Maybe we should use boot-args as the main page, because all links are written like that. --http (talk) 07:37, 14 February 2013 (UTC)

Easy tasks for new editors

  • Finish converting the remaining error codes listed here MobileDevice_Library#Known_Error_Codes into the proper mach_return_t codes they should be displayed as. (convert the negative number listed into hex, strip any leading "FF" so it should be in the format "0xe80000" followed by two numbers) --Dirkg (talk) 22:40, 28 August 2013 (UTC)

Email notifications?

Is it possible to get emailed when a watchlist page changes? I'd love that feature. This looks relevant. --beej (talk) 08:02, 27 June 2014 (UTC)

Mobile Stylesheet

I was thinking recently, if geohot agrees to accept it, that I could make a mobile.css file in order to attempt to make a few changes to the site on mobile. This would make it so that it would not be so ugly and if possible, the text might be easier to read. What would everyone think about this? For one thing, I'd like to mobile the "Log out" off the black part of the screen and put it near the "Contributions" button or thereabout. --iAdam1n (talk) 10:37, 7 January 2015 (UTC)

Instead of a mobile stylesheet to hack up the skin more (like the ios6 and ios7 skins do), I would create a whole new skin. I could write the PHP and JavaScript, and you can write the CSS. --5urd (talk) 17:04, 7 January 2015 (UTC)
If you mean a skin just for mobile, that would be ok but not sure how you could make it selectable with a mobile device but not on desktop. If you could do this, it could work but personally I think a mobile.css would be easier since it has to be previewed in the iOS simulator (that's the way I do it). I couldn't say I'd edit a page without being an admin (unless it's made that I could). --iAdam1n (talk) 17:35, 7 January 2015 (UTC)
I was going to mention that MediaWiki includes a sorta-mobile theme called Chick, but it seems that's long gone. MW's changed a lot since I used it, but the way it worked was it subclassed MonoBook (so there was no need to duplicate the HTML template) and swapped its CSS for its own (screenshot).
Come to think of it, whoa, I even wrote my own skin called iWiki. Was never updated for MW 1.17, which made breaking changes to the skin API. I probably won't have the time to update it, but maybe someone else could? kirb (talk) 09:01, 8 January 2015 (UTC)
I think this is a great idea, since this is actually a wiki about mobiles. No idea why it hasn't been done already. — Spydar007 (Talk) 15:17, 8 January 2015 (UTC)
| There is a mobile pluggin for Media Wiki that will make it look very nice MWoolweaver (talk) 07:22, 1 February 2015 (UTC)
I completed this a while ago but forgot to comment about it. If anyone has any improvement requests, feel free to list them and I'll take a look. --iAdam1n (talk) 11:07, 24 April 2015 (UTC)

Bite-sized editing tasks

It seems fun to make a list of relatively easy useful edits that new editors can do who are interested in helping, maybe at The iPhone Wiki:Bite-sized editing tasks or a similar page, and link it from the homepage here. I'd include the following as a start:

  • Look at the list at Special:LonelyPages and figure out whether some of those pages should be linked within other pages on the wiki, and then go link them.
  • Check the links at Useful Links and remove broken/outdated sites and add relevant new sites (but don't spam your own stuff).
  • The iOS version table at SHSH should be listed in reverse-chronological order, with newest versions first instead of oldest versions first.
  • If you run into a scam site, add it to the table at Scam Jailbreaks and Unlocks.
  • If you're reading an article and some part of it is confusing to you, post a message on the "talk" page (click the "Discussion" tab at the top of the article) explaining your question or what you found confusing, so that other editors can use this as a suggestion for improving the article.

Ideas? Opinions? Britta (talk) 09:31, 14 May 2015 (UTC)

How to report problems

I saw people concerned on Twitter about the skin! Like iAdam1n said on Twitter, saurik just got a copy of the settings, images, and database from geohot and put them into a new site with an upgraded version of MediaWiki; he's asking geohot for a copy of the skin files. In general if you see problems or have requests for new extensions or other changes, it's totally fine to post them here and I'll see them and ask saurik to check it out. If something is more immediate and doesn't need discussion (like something missing, major errors, mysterious downtime, etc.), you can PM me or saurik on IRC (his IRC server is best, irc.saurik.com). Maybe good to post here too in those cases (if the site isn't down at the time) so other people know he's been alerted. Britta (talk) 18:44, 14 May 2015 (UTC)

More about how to report more immediate problems (or problems that require some level of privacy, such as a major security issue or "Britta has gone rogue") - if you don't use IRC, emailing me is also fine (britta@saurikit.com). Emailing saurik (saurik@saurik.com) won't be seen as quickly, but if you write a meaningful subject line (like "TheiPhoneWiki is giving error 403 upon login right now" or "Britta is putting glitter sparkle GIFs all over TheiPhoneWiki"), it'll likely be seen. Moving to a new server/admin can have some adjustment bumps but they can be fixed! Britta (talk) 03:03, 15 May 2015 (UTC)

Apple internal content on the Wiki

I want to know what people think about having internal content on the Wiki. Some of the current content definitely needs some cleaning up and general editing. Should we publish information about internal firmwares? And is it okay to upload pictures of prototypes? Feel free to ask more questions. --Srb21103 (talk) 05:08, 18 May 2015 (UTC)

Looking through The iPhone Wiki:Ground rules, it says "No posting of copyrighted material. Anything that could legally get us in trouble should not be posted, ever." I'm not sure what other precedent here has been. Britta (talk) 10:31, 18 May 2015 (UTC)

JailbreakCon mini-talks

Hi wiki people! I'm working on gathering people to do mini-talks (5-10 minutes) for JailbreakCon in June in San Francisco, and it would be cool to have some more people speaking who contribute to the community in ways other than tweak development. Work other than development is important work too, such as documentation. If anyone who has put some effort into improving TheiPhoneWiki can attend and would like to give a mini talk about working on the wiki, let me know via the contact form on the site. Britta (talk) 00:35, 26 May 2015 (UTC)

File System Crypto

I just added Zdziarski's blog to the wiki (with his permission). I would recommend to take this apart and make multiple sub-articles, like an article for BAGI, another one for Dkey, etc. and on the page File System Crypto itself, just write the overview, similar to what we have on page 16 of the Sogeti document (wasn't there a newer graphic somewhere?) with some short description. --http (talk) 22:11, 9 June 2015 (UTC)

Renaming Factory Firmware?

It's been brought to my attention that we don't really have anywhere on the wiki to document internal builds of iOS. Considering Factory Firmware consists of what are internal builds of iOS (with different software), I'd like to propose renaming it to Internal Firmware, to broaden its scope a little more. Well, either that or create a brand new page for internal builds. What does everyone think about this? --Dialexio (talk) 06:43, 17 April 2016 (UTC)