Alex's approach
Alex's approach
Posted Jun 27, 2024 16:06 UTC (Thu) by tialaramex (subscriber, #21167)Parent article: Python grapples with Apple App Store rejections
For example TLS 1.3 as designed has Downgrade prevention, if you try to *pretend* by meddling with the TCP data that somebody else's server doesn't know TLS 1.3, then either you tip off the server that you're interfering or you tip off the client, or both. There is no way to get to a scenario where the client thought it asked "Do you speak TLS 1.3?" but the server thought the client asked only "Do you speak TLS 1.2?" without the session being torn down.
But, of course idiot middleboxes broke this. Because they don't implement TLS properly, they'd hide the client's real question about TLS 1.3 from the server, but they'd pass through its answer to the question they did ask, thus exactly performing a downgrade, which sets off the downgrade prevention, your browser just closes the session. This was discovered after TLS 1.3 shipped, because Downgrade prevention obviously can't be enabled pre-standard, that's a DOS against yourself in the standards development process.
So, Google shipped builds of Chrome with a hack, _if_ you turned on the hack and _if_ the server says "I'm a TLS 1.3 server but you claimed not to know TLS 1.3 so that's fine, unless you were downgraded" this Chrome ignores the problem. Temporarily. This damages your security, but you're using a middle box, you already don't have any security, that's what you paid money for, to destroy your security.
Google told the affected vendors that their customers could enable this hack (in their installed Chrome builds) and *crucially* it told them that in a fixed period of time this hack would just be summarily deleted from Chrome. They were not going to reify this nonsense as part of the protocol design, it was a temporary hack to get some people working while these companies fixed their shit.
And they did it. Years ago now Chrome just deleted the hack. If your middle box vendor didn't fix their bug in a reasonable timeframe, or you couldn't be bothered to install their fix - now Chrome doesn't work, too bad. Everybody gets reliable TLS 1.3
Without making it clear that this stops working in (say) 12 months, there is *no* incentive for Apple to fix it, for Apple's developers to care that it's a problem, for anybody to do anything except dump on the Python maintainers whatever they can't be bothered to fix. They're making their own lives worse.
If they set a specific deadline and stick to it, it's clear what the problem is, that doesn't mean Apple will care, but too bad, you offload the problem onto exactly the people who wanted it, Apple developers, people who are used to and have accepted that they have an unhealthy masochistic relationship to an unfeeling corporation. There is no reason why anybody involved in Python who doesn't share that weird relationship should be inconvenienced.
Posted Jun 27, 2024 16:20 UTC (Thu)
by pbonzini (subscriber, #60935)
[Link] (8 responses)
The question is, why would Apple have any incentive to fix it? In the middlebox case, the makers get money and have support contracts with whoever buys their products. In Apple case, app developers have no alternatives than Apple if they want their app to run on iPhone/iPad, and Apple gets money from users, not from app developers.
So the odds are completely stacked against the app developers, and if Python tried to put any deadline on the workarounds, the only effect would be to place them between the hammer (Python) and the anvil (Apple).
Posted Jun 27, 2024 18:14 UTC (Thu)
by mb (subscriber, #50428)
[Link] (7 responses)
I don't know.
If they now decide to *voluntarily* drop Python support from the App store, it is their decision and we should respect that.
If they care about Python on their platform, they can add an exception to their obviously completely broken checker.
>So the odds are completely stacked against the app developers
That's the case anyway.
The Apple platform is fully proprietary and Apple decides everything anyway.
Posted Jun 27, 2024 18:59 UTC (Thu)
by pizza (subscriber, #46)
[Link] (6 responses)
Why would Apple care about squishing an ant as they walk?
Posted Jun 27, 2024 19:04 UTC (Thu)
by mb (subscriber, #50428)
[Link] (5 responses)
Posted Jun 27, 2024 19:55 UTC (Thu)
by pbonzini (subscriber, #60935)
[Link] (4 responses)
Posted Jun 27, 2024 20:15 UTC (Thu)
by mb (subscriber, #50428)
[Link] (3 responses)
Users must complain to Apple. They broke Python.
Posted Jun 28, 2024 9:04 UTC (Fri)
by NYKevin (subscriber, #129325)
[Link] (2 responses)
Or CPython can fix it once and we can all move on with our lives. IMHO the easiest solution is to just drop the string from urllib altogether - it's there to support Apple devices in the first place. Apple doesn't want it there? Fine, it's gone. Good riddance.
Posted Jun 28, 2024 15:43 UTC (Fri)
by mb (subscriber, #50428)
[Link] (1 responses)
That's Ok. They decided to play by the rules of Apple. So they should carry the workaround for Apple's stupid decisions.
Why should Python care?
>Apple doesn't want it there? Fine
Yes. It's fine. It's their decision and their problem.
>Fine, it's gone. Good riddance.
Do you realize that this is not a fix of the actual problem?
Why should we let Apple indirectly make stupid decisions for an independent Open Source project?
Posted Jun 28, 2024 18:53 UTC (Fri)
by NYKevin (subscriber, #129325)
[Link]
The question is not why Python should care about iDevices. The question is why Python should care about the Apple ecosystem at all. itms-services is not a standard protocol. It appears in no RFC (that I've ever heard of). It is purely an Apple thing. And now it is causing problems, that were also created by Apple.
Why should Python even waste time thinking about any of this? Just yeet the whole thing out of urllib, and Apple developers who want to use this protocol for whatever reason can take a PyPI dependency.
But you don't even need a PyPI dependency, because urllib already DTRT on protocols it does not understand:
The string itms-services only appears in a list that tells the parser that it "uses netloc" (i.e. it should have a netloc part after the scheme, unlike say file://). As you can see above, it will happily parse nonsense schemes with netloc even if they are absent from said list. So at most, this might get you stricter checking in a few corners of the API, but it is probably not a showstopper.
Alex's approach
Alex's approach
Apple *clearly* caused the breakage. That's why they should care.
And developers and users already agree to that. That's the deal.
Alex's approach
Alex's approach
Alex's approach
Alex's approach
Happy whack a mole.
Alex's approach
Alex's approach
Apple will append something else to the list of forbidden words tomorrow.
Alex's approach
>>> urllib.parse.urlsplit('nonsense://www.example.com:80/foo/bar')
SplitResult(scheme='nonsense', netloc='www.example.com:80', path='/foo/bar', query='', fragment='')