Apple In Trouble With Developers 343
geek writes "According to Marco Arment, the creator of Instapaper, Apple may be in trouble with developers. According to Arment, the new sandboxing guidelines from Apple are pushing developers away in droves. 'I've lost all confidence that the apps I buy in the App Store today will still be there next month or next year. The advantages of buying from the App Store are mostly gone now. My confidence in the App Store, as a customer, has evaporated. Next time I buy an app that’s available both in and out of the Store, I’ll probably choose to buy it directly from the vendor. And nearly everyone who’s been burned by sandboxing exclusions — not just the affected apps’ developers, but all of their customers — will make the same choice with their future purchases. To most of these customers, the App Store is no longer a reliable place to buy software.' Arment also comments on the 'our way or the highway' attitude Apple often takes in these situations and how it may be backfiring this time around."
Pray I don't change them further.... (Score:5, Insightful)
Remember, that line didn't even work out for Vader and he had Star Destroyers and millions of clone troopers at his command. If you have the upper hand you can sometimes force people to accept a one sided deal. But if you go beyond that and keep changing the terms on it eventually everyone figures out they might as well take their chances because they are hosed anyway. You have to leave them some hope of survival.
I especially liked how the article has this:
"This even may reduce the long-term success of iCloud and the platform lock-in it could bring for Apple. Only App Store apps can use iCloud, but many Mac developers can’t or won’t use it because of the App Store’s political instability."
Anyone who would write that, in the context of it being a good thing!, is obviously a Kool-Aid drinker. When you are driving those people away it is a warning sign.
Imagine how badly Microsoft is going to bungle this same gambit. Notice how Valve is already running for the exits? Uh huh, good times ahead for everyone!
Re:Pray I don't change them further.... (Score:5, Funny)
But, according to John Romero, Android is a piracy platform and Apple TV will make you his bitch!
And now! Daikatana 2!
Re: (Score:3, Insightful)
But, according to John Romero, Android is a piracy platform and Apple TV will make you his bitch!
And now! Daikatana 2!
In other news, different developers have different opinions.
Re:Pray I don't change them further.... (Score:4, Informative)
Bollocks. All kinds of apps are simply impossible to produce within the constraints imposed by the App Store. Like menubar icons that let you plug into iTunes for example (and before you point out that tools like these already exist, I will point out that those are all using temporary entitlements.
I strongly suspect cool apps like TotalFinder also violate no end of App Store policies as well.
Or how about an app that simply goes through a folder and renames/deletes some files according to user parameters (like A Better Finder Rename for example)? Impossible - permission must be obtained by means of a file open dialog for every single file the app wants to manipulate.
Sandboxing is bullshit. Or rather, Apple's implementation of it is bullshit.
Re:Pray I don't change them further.... (Score:5, Insightful)
Re:Pray I don't change them further.... (Score:4, Funny)
altered that line!
Re:Pray I don't change them further.... (Score:5, Funny)
alter, alter! not 'change'...
Perhaps he-sa tryin' to be avoidin' LucasArt lawyerin'!
Re:Pray I don't change them further.... (Score:5, Funny)
2012 and we still can't punch people in the face over TCP/IP...
Re: (Score:2, Insightful)
Re: (Score:3)
It's too late. The lawyers shot first.
Re: (Score:2)
Pray I don't Altair [wikipedia.org] them any further???
Re: (Score:2)
Re: (Score:2, Interesting)
Only copy of Star Wars 4/5/6 I have are the laserdisc masters that Lucas released to DVD. (Would be nice if he released the laserdisc masters to Bluray, and eliminate the dvd artifacting, but I'm not holding my breath.) I will watch the special defect versions if they air on TV, but I refuse to purchase them. Bad enough I paid $20 to see the primitive 90s CGI in the theater.
Re: (Score:2)
Harmy's Despecialized Editions.
Re:Pray I don't change them further.... (Score:5, Funny)
Yea, you are right. I was in a hurry so do I still have to turn in my geek card?
Say a couple "I'm am your father"s or "Do or do not. There is no try"s. You might be forgiven.
Better line would have been "The more you tighten your grip, ..., the more ... will slip through your fingers."
Re: (Score:2)
Yea, you are right. I was in a hurry so do I still have to turn in my geek card?
Nah, perhaps you were the victim of subliminal lucassing.
Re:Pray I don't change them further.... (Score:5, Funny)
It's funny how George Lucas pretty much did in the Special Editions to the fans (and future fans) what Vader did to Lando in ESB. Well, not exactly funny, but ironic maybe?
Huh? It's been a while, but I don't recall a scene where Vader slaps Lando to the ground, says, "suck it, bitch, you'll buy it anyway" and shits in his face.
(That's one kind of dramatic scene where a cape just doesn't work.)
Re: (Score:2, Insightful)
All the more reason for Apple to hurt Android as much as they can, including Samsung, maker of wunnerful stuff Android-ish. If your developers flee to the greener pastures of Android, you must somehow poison those pastures so they have nowhere to run.
Re:Pray I don't change them further.... (Score:4, Informative)
Remember, that line didn't even work out for Vader and he had Star Destroyers and millions of clone troopers at his command.
No he didn't. By "A New Hope", all of the clone troopers were dead or in retirement homes (they had their aging accelerated). The Storm Troopers were standard grunts hired from a thousand colony planets. Kenobi thinks they're the super precise shooting clones he remembers, but he's wrong. The only surviving clone is Boba Fett.
Re: (Score:3)
Regarding Valve... (Score:3)
Notice how Valve is already running for the exits?
You may not have noticed, but the main reason Valve (and specifically Gabe Newell) feels that Windows 8 is the worst thing ever hoisted on humanity may have something to do with the fact that Windows 8 has a built-in facility (the Metro app store) that has ability to overtake the virtual monopoly that Valve has built with Steam for the digital delivery of PC games.
Win8 is really a shot across the bow of Valve's business model. They'd better have a plan B in place -- and no, Linux is not a viable plan B.
Re:Regarding Valve... (Score:5, Insightful)
Valve will be fine. They'll just have competition.
Did anyone ever believe that Valve would never face any challenges from competitors? As long as they keep delivering value, they'll continue to do well.
The notion that success can only mean you are #1 in your sector is one of the things that's hurting business in what passes for capitalism in the 21st century. Like an old commercial used to say, number 2 has to try harder, and even though most corporations don't like it, "trying hard" is supposed to be part of the deal. We've had too many corporations who have believed "trying hard" means killing all your competition via the legal system instead of the marketplace.
Re:Pray I don't change them further.... (Score:5, Insightful)
And yet, all the best games and applications are still being written for OSX, Windows, and iOS. You can keep preaching about how great open software is, but when it's hard to make money off the platform, the best developers are never going to go there. You're preaching idealism. MS and Apple preach profits. We live in a capitalist society - guess who wins?
The gravy train comes with no guarantee you will always remain on it. Apple prospers while those who do business with Apple prosper. When Apple tries too hard to prosper all by themselves they begin to look like that company which nearly died before the second coming of Jobs.
The big deal about sandboxing (Score:5, Informative)
I suspect people reading here dont' have a clue about sandboxing or what a BFD it is. Sandboxing is massively overdue. It's been available for years and years in OSX but there has been a zero adoption rate. I came across it in Xgrid, an apple application which relied heavily on it.
Xgrid is a job server that lets other people run jobs on your computer---safely. How the heck do you do that safely and still have left an environment that can do anything at all. You can't do this with linux permissions or firewalls. But you can with sandboxing. in sandboxing you specify in detail what resources every application has access to. What parts of the file system it can't see even if it has unix permissions. What parts of a network it can access. How much memory it can use. etc... It's a universal wrapper that can be created for every program.
Since firefox can be wrapped it's insane to use any browser without wrapping. If some roque plug in contains the ability to do something nasty you dont' care because it can't. it can't access resources it needs. You are essentially shutting down bad behaviour not bad apps.
So why is it not default?
Cause it's annoying to set up. If you take shortcuts in your application based on giving it more privledges than it needs you get punished by the sandbox.
lazy developers hate it.
time to force the issue. it's good for consumers.
It doesn't do anything for apple, other than make the OS better.
Re:The big deal about sandboxing (Score:5, Interesting)
The problem is that Apple has not developed system wide functions to replace many of the things they are taking away... And for the things they are replacing, they are going for the heavy-handed iOS approach and locking devs down to only sharing specific Apple-approved file types. Basically having the computer act like a "system" is dead in favor of manual apps. The idea of using Apple Script to string your own custom workflow of little apps is right out the window.
Add insult to injury, Apple seems to be preemptively "Sherlock-ing" their most prosperous Mac Devs about one OS version BEFORE Apple copies them. now they are pulling apps and leaving USERS in the lurch without features they had yesterday.
Re: (Score:2)
But Jobs is dead.
We all know from experience what kind of decisions Apple makes when Steve is not at the helm.
Apple is dying now that Steve is dead.
Re: (Score:3, Insightful)
Holy shit, you're on a roll.
"When the lockdown hits x86"?
Re: (Score:3, Informative)
That is not correct. Apple is sandboxing Mac OS X and Mac OS apps will have to be sandboxed to be accepted into the Mac OS app store very soon.
When you load up Mountain Lion, you will discover that by default the system will not run unsigned apps, including the ones you bought from them and other notable vendors.
Note that "signed" does not imply "sandboxed". The default Gatekeeper setting means that, unless you do Special Stuff, applications downloaded from the Intertubes (by programs that set the "quarantined" extended attribute, at least; dunno if any applications that set it do so only if they were downloaded from an "external" site, for some definition of "external") can't be launched with a double-click (or, presumably, automatically through some code paths) unless they're from the Mac App Store or signed by
Re: (Score:2, Interesting)
but they are stating on the record the Linux port is a hedge against a future where that won't be possible.
Funny since that was the same thing I said. So again, where did Valve start "running for the exits"?
So Valve is positioning itself in front of the exit.
Viva subtility!
well (Score:2)
Re:well (Score:5, Funny)
Re: (Score:2)
Snake Bites Own Tail (Score:2)
and it's not even Quezovercoatl
I guess the squeezing of developers & customers has finally come around to hurt Apple, after such a promising start, too. Couldn't happen to a nicer company.
Re: (Score:2)
and it's not even Quezovercoatl
I think you have your serpents of legend a bit confused [wikipedia.org]
Re: (Score:2)
He's referring to London Fog mythology.
Re: (Score:2)
He's referring to London Fog mythology.
Hmm... I don't see a raincoat reference anywhere.
Perhaps the walled-garden was bad after all. (Score:4, Insightful)
These are the things you get with the lack of openness - in favor of the One True Platform where everything must submit to the One True Experience
Re: (Score:2)
These are the things you get with the lack of openness - in favor of the One True Platform where everything must submit to the One True Experience
And the fun bit(!) -> When so many people have bought Apps developed outside the sandbox and they won't run on the next i(thingy) so people are less likely to upgrade right away <- thus hitting the ol' Wall Street revenue expectations.
Ah, what a tangled web the weave. Where's me popcorn?
Re: (Score:2)
These are the things you get with the lack of openness
Internet whining? You pretty much get that all the time, regardless of openness.
App Store (Score:4, Insightful)
This summary contains the word "App Store" a few more times than necessary...
Re: (Score:2)
Re: (Score:3, Funny)
They didn't App Store it would App Store you so much.
Re:App Store (Score:5, Insightful)
And it missed a line:
"Disclaimer: Marco Arment, the creator of Instapaper, is likely more than a bit disgruntled with Apple, now that the functionality of Instapaper has been rolled into Safari."
Apple has a history of driving away developers by incorporating their ideas into the bundled apps. Not many developers though... only those of really well thought out OS enhancements.
While Marco does have a point, the timing of the statement smacks more than a bit of sour grapes. As a developer, he's known the sandboxing exemptions were temporary for, well at least a year. He's had more than a month since the sandbox closed its lid. I think he'll find that anyone developing heavyweight applications never even entered the App Store; they're still going strong on their own. The App store does great things for apps that are happy to live within the sandbox though; lightweight apps that have nothing to do with managing the computer but instead accomplish specific tasks.
What Marco will find is that for every serious application developer leaving the Mac App Store, there are 50 App developers moving in -- some of them migrants from the iOS App Store, who are just adding a secondary target to their development builds.
In my opinion, the App Store was never the place for non-sandobxed software in the first place. In time, Apple may create more sandbox features that will enable more heavy applications to re-enter the Store, but this will only be after the honeymoon period is over with the "App" crowd -- expect another year of shakedown before anyone doing complex OS tasks can "trust" the store.
Kudos to Apple though for starting in restricted mode and slowly enabling more features -- and at the same time having a blanket exemption period for more serious developers to play with the store and see if it's right for them.
Re: (Score:3, Informative)
And it missed a line:
"Disclaimer: Marco Arment, the creator of Instapaper, is likely more than a bit disgruntled with Apple, now that the functionality of Instapaper has been rolled into Safari."
Apple has a history of driving away developers by incorporating their ideas into the bundled apps. Not many developers though... only those of really well thought out OS enhancements.
What you really mean is that Apple has a history of outlawing functionality of a popular app, then promptly rolling the feature they outlawed into their own software. They make Microsoft's history of steamrolling ISVs look positively friendly. In fact, Apple does exactly what everyone here complains about Microsoft doing - except they do it much more frequently.
A lot faster than I thought (Score:2, Insightful)
I figured a year or two before Steve being gone would doom the Appleistas. Happened a lot faster than I thought.
Perhaps they'll have less profits to hide in tax structures in other countries so they don't have to pay Uncle Sam.
Re:A lot faster than I thought (Score:4, Insightful)
Except there is no evidence that developers are "leaving in drones" neither from the linked blog posting or anything from the summary. That was just sensationalism added in to rile up the Apple crowd.
Re:A lot faster than I thought (Score:5, Funny)
Except there is no evidence that developers are "leaving in drones"
If i were leaving i don't think a drone would be my preferred conveyance.
Re:A lot faster than I thought (Score:5, Insightful)
Who needs evidence? Apple is "in Trouble". Because someone has a complaint. No one ever had a complaint before. Ever.
Agree (Score:2, Insightful)
Re:Agree (Score:5, Interesting)
If you go back to the article Ament links to [postbox-inc.com], their complaints are:
None of these, save the last one, have anything to do with sandboxing. The last one does, but I don't understand it, because access to the user's calendar and photos are explicitly-defined entitlements that you can access, all you have to do is check a box in Xcode. A sandboxed app cannot access the filesystem of the computer, except for paths specifically named by the user in an Open or Save dialogue (the dialogue boxes are run by a separate daemon that passes the paths to the client application over IPC, so you can't futz with it to pick open more of the user's fs than they specifically let the application see.) Obviously this is deadly to bulk renamers, but I don't understand the complaint in the context of document creation, utilities or accessories, games, or really anything but document indexers -- which would have to just be sold the old fashioned way, on a website.
Re: (Score:3)
I agree, sandboxing has been a bitch. Should be able to turn it off for apps the user trusts...
The user can choose to install and run applications that are not sandboxed. Apple just doesn't sell or distribute such apps on the app store. Once an app works sandboxed, there is no point in being able to turn the sandbox off.
But sandboxing is not only about the user trusting an app. I may trust that an app is not intentionally malicious. That doesn't mean it can't have bugs that could be exploited by a hacker, and at that point sandboxing means that the hacked application is _still_ restricted by the s
He's talking about the new MAC app store (Score:4, Informative)
not the App Store most people are thinking of (the iphone/ipad one). TF summary is misleading.
The mobile App store's always been restrictive, and it seems to have done okay... nothing to see here.
Uh huh... (Score:2, Funny)
According to Arment, the new sandboxing guidelines from Apple are pushing developers away in droves.
Though nothing in his blog post actually says or even hints at this. But it's fun to pull things out of our ass, eh?
Re: (Score:2)
I try to check out all the comments before posting a reaction to a summary, to make sure someone else hasn't already raised the point. And you have.
"This is horrible, everyone hates it!"
Who hates it? why?
"Because it's horrible and I hate it!"
Oh. I see. (clicks "ignore")
Re: (Score:3)
According to Arment, the new sandboxing guidelines from Apple are pushing developers away in droves.
Though nothing in his blog post actually says or even hints at this. But it's fun to pull things out of our ass, eh?
This also misses the points that there are no "new sandboxing guidelines" -- they've been the same since the App Store opened. The only difference is that now they're not just guidelines; they're being enforced -- and that after two extension periods.
As an Apple hater, I disagree. (Score:5, Insightful)
But this? I think this is a move in the right direction. The added security benefits sandboxing brings far outweigh any negative consequences a few developers too lazy to implement something Apple's been telling them they need to implement for the better part of a year might experience (at least according to the OS X review a few days ago from Ars Technica). And it's not like these developers have no recourse; as long as they register with Apple or whatever, the default OS setting will allow users to go download those products from the vendor's website.
There are plenty of reasons to hate Apple. Their push toward better security practices is not one of them.
Re:As an Apple hater, I disagree. (Score:5, Insightful)
Until Apple decide it wants your software's market share and removes your App from the App Store because Apps that compete directly with official Apple products are not allowed.
Re:As an Apple hater, I disagree. (Score:5, Insightful)
Re: (Score:2)
Security enhancements should always be welcome. For now they still provide an option to install applications that do not follow the Apple signing requirements and that is good. The problem is when Apple is forbidding APIs to be used if you do not distribute the application on the Mac App Store. I am pretty sure if Google or Microsoft start blocking APIs and make the exclusive to their applications on their store, some people will get mad (with justification)
Re:As an Apple hater, I disagree. (Score:5, Insightful)
The problem is when Apple is forbidding APIs to be used if you do not distribute the application on the Mac App Store.
These are APIs that allow the user to store things on servers that Apple is paying for. So it's not just "using an API", it is "using infrastructure that is paid for by Apple".
Re: (Score:3)
They don't need an excuse. "It belongs to us and that's what we decided" is sufficient.
Re:As an Apple hater, I disagree. (Score:4)
Easy, to prevent abuse and malware spreads.
First off, developers suck. Yes, that includes you and me. For every well-written to-the-API app, there's dozens of others that take shortcuts and cheat at things, usually in the name of "making release" or "fixing a bug".
The sandboxing requirement was well known going into the App Store at least over a year ago. All developers knew about the deadline, and it was extended, twice as they weren't ready. Why? Because they didn't have to do it! But now that Apple forced them, they suddenly realize that they need to do it, and fast. It's unfortunately also Business 101 - even if you announce a change years in advance, remind them to the point of nagging, some company with something that's worked fine for all those years suddenly realizes you mean business and has to scramble to meet new requirements. Despite having years to get ready. Very few, if any, will actually try to get ahead of the curve and meet the new requirement ahead of time.
As for limiting iCloud to App Store Apps - it's probably with sandboxing. Imagine you had a regular app that had a bug and used iCloud. A smart malware writer will exploit your app to infect a user's document stored on iCloud so even if the user wipes their mac, the instant they use the app, they're infected again because of an exploit in your app.
Try diagnosing THAT as technical support. Sandboxed apps using iLcoud - well the app can get infected, but that infection is confined through the sandbox to that app only.
Or imagine it's a different file - let's say a specially crafted file using some exploit in libjpeg or other imaging library. If a sandboxed app loaded it, it gets infected, but that infection is confined to that app only. If it was available to all apps, all it would take is a vulnerable one to infect *all* your Macs simultaneously through iCloud.
The other alternative is to have Apple scan and delete infected files off their servers. But I'm sure that will go over really well with people.
One final reason is well, everywhere you have the app, you have access to your files via iCloud, since all app stores Apple has are tied to iCloud now. Let's say you buy some nifty editor off the Mac App Store. You go to a new Mac, login and redownload the editor and boom, the files are there. If it was the other way, you'd have to find the editor's website, somehow manage to get the registered copy (hoping it's not machine-locked!) and then get at your files. Less convenient, while the other way puts more work on the developer, the user gets a much better experience.
As for developers screwing their customers - two sides to the coin. Apple is withholding from developers the IDs of who purchased their apps, probably for the better (given all the hacks and stealing of customer databases, you'll probably fine many developers would have pretty shoddy websites vulnerable to SQL attacks, buffer overflows, plain text customer lists out in the open, etc. Hell, there's probably someone out there who stores their entire customer database as a series of emails on a publicly-accessible IMAP server. (You will easily find that while they can code up wicked stuff for an app, but then fail to take basic security precautions for their website...).
Re: (Score:3, Informative)
Apple will not reach Microsoft's level of evil until they have a monopoly. They don't. Not even close. I don't like Apple all that much, but the level of Microsoft's evilness in the 90's cannot be underestimated.
Re: (Score:3)
It's a move in the right direction, but the way Apple are going about it is harming developers and confidence in the App Store unnecessarily.
I completely agree that sandboxing is a valuable requirement, and regardless of anybody's opinions on Apple's control over the ecosystem, they have used that control to cut out a lot of really shitty practices by software vendors, and this is another example of them using that control to push vendors in the right direction.
The problem, though, is that the entitlem
Re: (Score:2)
Some programs are pretty much useless in a sandbox. Should I have to bundle together an editor, source control, and an interpreter in order for those programs to use the same files inside the sandbox? Should I do this for every language I want to develop in using that editor? Without the runtime, the files I'm editing are useless. Perhaps I could get away with just the editor and the source control, using the source control to escape the sandbox. Would Apple close that hole, or reject me from the app store
Re:As an Apple hater, I disagree. (Score:4, Insightful)
No, no, and no. Sandboxed applications have free access, forever, to files and folders you explicitly select, where "forever" can even include subsequent versions of the same app. Many vendors are running away from sandboxing "to improve user experience" in ways that directly conflict with the whole notion of sandboxing: accessing the user's SSH private keys without confirmation, using Apple Events and/or the Accessibility API to control arbitrary third-party applications, and so on. Apple's goal seems to be to maximize the number of applications that can be reasonably sandboxed without undermining the whole idea of sandboxing, using the App Store and iCloud as "carrots", because they're trying to address a problem Microsoft never did: most developers don't give a damn about the mitigation of security vulnerabilities in their applications. It's a hard problem, and discussions like Marco's will ultimately contribute to a better solution, but "give up sandbox requirements" isn't an endgame I'd like to see.
Re: (Score:2)
Except there are whole classes of programs you can't buy. For instance, many popular disk utilities are not available on the app store or if they are, they only work on removable media. If I want to defragment my boot disk, I have to buy from the vendor directly. Few antivirus applications are available on the app store for the same reason.
Most games on the app store are crippled too. The online gaming component is disable or similar restrictions are put on the games. Duke Nukem Forever or Rage are exa
Re: (Score:3)
What, like Apple themselves? Sure, they have sandboxed some of their apps that are fairly self-contained, but the more complex ones CANNOT be sandboxed (i.e. iPhoto, iTunes) because they share data with each other.
As an Apple developer, we are not "too lazy". Have YOU actually tried making a real-world app work with sandboxing? I have, at very, very great length. I eventually
Re: (Score:3)
Loathe? Detest? For what, building products people are willing to buy?
They arent in the same solar system of evil as Microsoft in the 90s. They'd need to stifle competition through illegal methods... get some perspective and make your claim AFTER they get sued by the government and are found guilty and criminal.
Re:As an Apple hater, I disagree. (Score:5, Informative)
That's not true at all. The standard com.apple.security.files.user-selected.read-write entitlements can handle that very easily. All you have to do is use a standard open dialog to let the user choose a folder, and then write arbitrary crap into that folder or any subfolder within it. Then, save a security-scoped bookmark to that folder if you need to retain access to that folder on future launches. Where things get awkward with that arrangement is when the user copies those files to another machine or restores from a backup. At that point, you'll have to ask the user to open the folder containing the file "foo.wav" or whatever. Then, you can scour the files in there, create security-scoped bookmarks for all of them, and repeat for any other folders full of files.
A much better solution for that problem is to store each project in a self-contained bundle (a folder with an extension, e.g. a .rtfd file, as supported by TextEdit). If you do that, everything just magically works, because instead of opening a project file, the user is opening a folder that contains everything related to a given project. For obvious reasons, that approach is strongly recommended unless you absolutely have to reference files outside of the project for some reason.
That isn't allowed because you aren't allowed to see other apps' windows. It would be a fairly serious security violation if an app could take pictures of other apps that are running and then mail them to the app developer. The same goes for log files that contain data from other applications, preferences files written by other applications, etc. However, there is no reason you can't capture an image of each of your own windows, store a copy of your own log messages in your own file, or send your own preferences file.
Re:As an Apple hater, I disagree. (Score:5, Informative)
It's actually pretty straightforward. The UNIX security model sucks. It assumes that attacks come from the outside, and is designed to protect the user from other users on the same system. In the UNIX model, everything run by a particular user has the same rights as the user. In practice, that just isn't a viable security model anymore.
Consider this scenario: you have a web browser. When everything is working, you trust that the browser is not malicious, so you run it as yourself. Later, you go to a web page and, because of a bug in that browser, somebody is able to execute arbitrary code. Under the UNIX model, that browser can send all your files to a server in Croatia, encrypt them, and extort money from you in exchange for getting your data back.
The only way to prevent such a scenario in a traditional UNIX permission system is to run each application as a separate user. That might be practical for a power user, but it would be insane for most folks. And if you ever wanted to open that JPEG file that you saved with the web browser, you'd have to go in and either change the owner (Finder running as root is a terrifying thought) or set really scary ACLs. No matter how you cut it, that's not user-friendly.
A modern security model must be fundamentally built on the principle of distrust. Distrust everything. Any app could potentially become malicious at any time, whether because the app developer put in a backdoor or because somebody exploited a buffer overflow. It is, therefore, the responsibility of the operating system to not only protect the user from other users on the system, but also from flaws in other applications being run by the same user.
The result is a sandboxing model, in which applications are allowed to open only files that the user has explicitly authorized them to open. Although the user sees a standard file open dialog, when running in a sandbox, the application is not in charge of displaying that dialog. Instead, a system daemon called pboxd (the "powerbox daemon") displays the dialog. When the user chooses to allow that application access to a resource, that daemon then extends the application's sandbox to allow access to that file. In this way, the application has access to exactly the files or folders to which the user has granted it access. No more, no less.
Such a security model is really the only sane security model you can come up with. By using user intent rather than an arcane set of permissions, the user is able to open files in whatever application the user chooses, trusting the operating system to ensure that those applications do not have access to files that the user has not allowed those applications to open. This significantly reduces the benefits gained from attacking security holes in an application.
That's not to say that some apps don't need broader access (e.g. Finder), but it is a worthwhile goal to minimize the number of apps with that level of access, as they are the juiciest targets for attack.
Like Walmart..... (Score:5, Informative)
Apple probably doesn't care. When one merchandiser leaves, another one will gladly take its place.
Re: (Score:2)
And I doubt the customers will care either. If Walmart stops selling HTC televisions, do people just quit walmart? No they buy whatever brand is available. Same with the Apple Store; people will just buy what they can. So I disagree with the comments below: http://www.marco.org/2012/07/26/not-just-geeks [marco.org]
BTW instapaper's "read later" doesn't work in Opera.
Would be nice if he fixed that.
QUOTE: "My argument was more nuanced: many previously-acceptable apps have been effectively kicked out of the App Store
Backwards, more will go to app store (Score:5, Interesting)
As a developer I see what he is saying.
But as a user the changes only make it MORE likely I would look in the app store first for something. I know something from there will work along with the system security restrictions.
With more people looking in the app store, the simple truth is more developers will have to service that market somehow or lose users (or at least not grow at the same rate as the mac install base does).
Apple has already changed some ways in which sandboxing works, to accommodate some application needs. And they will do more of that going forward - but historically Apple implements overly strong security to start with, and then whittles it away as required instead of letting users get used to an overly permissive model.
The problem is... (Score:4, Informative)
Developers think "Great, I can release an App Store version... I just need to remove x and y." So they do that, and people buy the App Store version. Then the developer realizes his App Store version now can't do Z, which makes it much harder to keep making in parallel with his native version. So he stops updating the App Store version. App Store customer sees non-App Store version getting updates and gets angry.
How will 'the halo effect' come into play? (Score:5, Insightful)
Many, MANY people buy Macs because they believe that they are better/more stable/more secure than the Windows machines they've used for the past decade. Whether they are or are not is an endless Slashdot debate that is completely tangential to my point, because what's at question here is the perception, not the reality.
If people perceive the Mac to be the stable part, software that doesn't work will likely be blamed on the developer, not Apple. To them, a sandbox is a place young children play in, not a computer security model. A developer trying to explain this to someone who truly doesn't understand the security model will make himself look foolish to the customer, not enlighten the customer.
The App Store will still be used by many Mac users in the same way Origin is used by EA customers. Few (if any) EA customers desired Origin, it's just necessary for Battlefield 3, Mass Effect 3, and The Sims. Similarly, even if many Apple developers ditch the App Store, the fact that Final Cut Studio, Logic, and Aperture are available through it will keep a huge demographic begrudgingly using it. Adobe is probably the one company who can likely keep a working trigger finger on Apple preventing conventional software installations, but their pushing their 'Creative Cloud' model may weaken their grip on said trigger. Ableton and Serato may be in a position to help pick up the slack a bit, but they definitely don't have the same level of clout.
Finally, long time Mac incumbents may be wary of the Mac App Store, but newcomers who love their iPhone/iPod/iPad may be more inclined to start at the App Store since that's "where software comes from". It's part of the vertical solution that they feel they bought from Apple. The question will be whether developer A's FOO_APP skiddishness in being included in the App Store will be the golden opportunity for similarly-functioning FRA_APP to eat its lunch. Again, Adobe may be able to keep itself afloat with selling stuff through adobe.com/journeyed/cdw/staples, but searching the App Store through functionality puts developers on much more even levels for those that would be affected by the sandboxing and not having a legal team at their disposal to go RIAA on their posteriors.
Re:How will 'the halo effect' come into play? (Score:4, Interesting)
I just upgraded my MacBook Pro from OS X 10.7.4 Lion to 10.8 Mountain Lion. Unfortunately this change brought a new version of OpenGL (great!) but Apple removed the PBuffers they had deprecated some time back. That broke the software I've been working (using th JoGL OpenGL bindings). While on one hand you can argue that Apple deprecated PBuffers on their platform so tough luck to me. On the other hand both AMD on Windows and Ubuntu Linux still have working PBuffer implementations and my software still works on those platforms.
As a developer it makes me a bit unhappy Apple brought in a lot of Cloud stuff (that I personally have zero interest in) while removing small but useful features that are actually widely used. Backwards compatibility matters a lot, which is one of the great strengths of Windows but Apple are less keen on it. As a developer (the point of this article) it now means that until the JoGL library catches up OS X has moved from a first-class target for my game to second class behind Linux and Windows (where I know the development effort won't be slowed by fairly needless breaking changes). This is because I can't guarantee that the effort I make to get things going again on OS X won't be nullified with further (IMHO unnecessarily strict) changes as new OS X versions are released on their yearly cycle. Sure, I have the technical chops to patch JoGL myself, but it is something I don't have to do for Windows and Linux, and is a diversion of effort for me actually *getting the important stuff done*.
nb: I must be a luddite. I'd much rather get my software directly from the vendor rather than the straightjacket of the App Store. I just know getting stuf through the App Store will be problematic whenever Apple decides that it is in their interest (not mine) to replace the App Store with something else. All technology changes, eventually, but Apple's timescale for change is probably much faster than mine since I just want to get stuff done => future trouble, so I avoid using App Store where I have alternatives.
New sand boxing guidelines? (Score:5, Informative)
just finding this out now (Score:3)
What I've seen (Score:5, Interesting)
What I've seen is that many apps are starting to have 2 versions:
a) The internet version
-- designed the way the developer wants
-- paid upgrades
-- weak or weaker tie to iOS version
b) The app store version
-- designed the way Apple wants
-- free upgrades (or rarely 100% rebuy upgrades)
-- strong tie to the iOS version via. iCloud
That's a really interesting choice. So far I've always gone for the internet version because the app store worries me. I like the idea of iCloud integration, but most of what I want I could get though dropbox and sym/hard links. I could get the update management the more traditions way (http://www.macupdate.com/desktop/) but frankly all the apps check by themselves at this point mostly.
But I don't know the App store is "in trouble". I think there is likely to be a fork in what you get where. The App store might have lots of inexpensive simple applications, free demos, desktop support for phone apps and other apps that are single purpose while the retail side focus on the $20 on up apps which are more versatile. I don't think it is good that the market is forking creating two software ecosystems with different tastes.
Only on Slashdot (Score:5, Insightful)
Re: (Score:3, Interesting)
+1000. Arment's comments and the OP's summary are utter bull crap.
Moreover this is a one-time thing, one long in the making, postponed several times in the past two years or so, and Arment knows it more than any other -- being the author of an iOS app.
There's really nothing to see here. Consumers are basically told: "We're improving security by requiring stuff in the app store; we're dropping apps that aren't secure enough by our standards as a consequence." Period, end of story. Move along, nothing to see.
Re: (Score:3)
You apparently aren't familiar with the practice of defense in depth...
No OS is secure; not even OpenBSD, where they painstakingly audit every line of code.
Fort Knox's security isn't just because of the vaults in the gold depository - it's the army base, filled with soldiers, each of which is a layer of security (some good, some not so great), as well as an armored battalion that surrounds the depository.
Apple's sandbox is (surprise, surprise) an implementation of mandatory access control - like SELinux or
Marco may have a point (Score:5, Interesting)
Problem is, I read the linked post and can't tell if he's right or wrong. He refers to developers leaving, he refers to customers being burnt, he refers to sandboxing exclusions... but he doesn't give a single example to illustrate his point!
So what exactly are you talking about, Marco Arment?
Re: (Score:3)
Without more specifics, it's just random internet whining.
Re: (Score:3)
The best example is Growl. They were an open source project for notifications developers needed. They saw Apple building the App Store and buttoned ( and closed) up their project to be a "team player" for the Apple team. The whole saga of the App Store, then the Sandoxing, then Apple copying some of the features.
Now they're stuck in a place where they can release a version on the App Store but it is so narrow that it doesnt get many more features than the notifications built into Mtn lion. Non-app store app
Will Apple's own "apps" run in their sandbox? (Score:5, Interesting)
Will iTunes run in the "sandbox"? QuickTime? Safari? Keynote? Numbers? FinalCut "Pro"?
Re:Will Apple's own "apps" run in their sandbox? (Score:5, Informative)
A lot of those do. Mail does, the mothership process of Safari does not, but it's "Web Content" processes, the ones that present URLs, do. Quicktime Player does. Facetime and the Reminders app do, the Calendar does not, TextEdit does, the productivity apps don't -- it's pretty much hit or miss, I don't think there's any agenda to it, they just update the apps when they get around to it. I know they'd rather have most of their user-facing apps in a sandbox, so they can't be used as an exploitable surface to their underlying services (the camera API, the filesystem, the sloppy blob that is Quicktime...). Several OS processes run in a sandbox as well, like the metadata indexer and the pasteboard daemon, because they have to crunch through gobs of roudy and arbitrary data and are rather intimate with the underlying system.
But the sandbox and entitlements are about maintaining a chain of trust. If you don't trust the developer, in this case the organization known as Apple Inc, you shouldn't be running anything they make, starting with their OS and hardware, so the question is sorta mute.
Cynicism wins, again. (Score:5, Insightful)
As a newcomer to the Mac, I was not at all interested in the App Store. Maybe I'm too cynical, but goddamn it, I'm proven right too often to change my ways. The App Store does not solve any existing problems for me, as a user. If I can find some app in their, then I could have Googled for the author's web site just as easily. I actually prefer apps that self-update, rather than having to open the inflexible App Store client. I don't need a 3rd party getting between me and the developer, isn't that the whole point of a global network ? We don't need no stinkin' middlemen!
Another peeve is how their delivery method makes it difficult to back up the installation files. I don't want to redownload the dumb thing every time I set up a test box, or follow their annual OS upgrades (from scratch - fuck inline updates!) For regular users, I'm sure the experience is seamless, but as soon as you start messing in a terminal, the messy parts become painfully apparent. It's kind of like that last bit in Portal, where you break out of the test area and run around the broken-down maintenance hallways.
It's a fine model for the iPhone/iPad, but desktop/laptop computers have a long legacy that predates this sort of integration and far greater diversity in how people use them. Tell me how to use my computer and I'll tell your company to go fuck itself.
Re: (Score:3)
Another peeve is how their delivery method makes it difficult to back up the installation files.
Uh, just copy the applications from /Applications to somewhere else? Mac App Store apps aren't allowed to ship with anything else than what's lying there.
I'm pretty much done with the iPhone period. (Score:2)
I've had the iPhone since shortly after they first introduced it to the market. In that time I purchased many apps, but few paid apps have failed to disappoint. Making things worse Apple allows developers to convert a 10$ app into a "free" app with in game purchases. Particularly disappointing was Oregon Trail. The only thing I found appealing on early Apple computers (I had a PC so I was spoiled) when I found them in my school. I payed almost 10$ for that iPhone app, and it was worth it when I bought it as
The main problem and simple solution (Score:5, Insightful)
Right now the Mac app store makes no distinction between system/developer utilities and regular consumer applications. As a result, the list of available entitlements are too narrow. Regular users are baffled by the file system and getting it out of their faces is a great idea. Locking down apps is also good from a security perspective for most apps and users.
Apple just needs to make a special more rigorous review process for these sorts of apps and only allow those apps to request admin access or touch the file system outside the sandbox. In fact only the Developer and Utility categories need allow this sort of thing.
On a related note, Apple needs something like Windows' contracts so apps can specify the types of data they can provide or accept and let the system manage the interaction. This gives a safe clean way for apps to share data... The primary drawback of Apple's current "share nothing" model.
Sandboxing? Some background please? (Score:2, Insightful)
He seems to be butthurt over something called "Sandboxing," but throughout his entire rant, he fails to actually explain to his readers what this Sandboxing thing is and how it affects developers. All he offers is some jargon about "incompatibility with the current set of sandboxing entitlements" whatever the heck that means.
He might as well be ranting over Apple's "leafbowl" restrictions or their policy of "chicken frying" developers. Without some background, who knows what he's talking about with his jarg
Re: (Score:3, Insightful)
Re: (Score:3)
If you're reading Slashdot, you're expected to know what "sandboxing" is in general, or at least be able to look it up on Wikipedia etc. And the guy's blog is obviously meant for readers of that blog and should be taken in context, which is OS X software development.
NOT ABOUT iOS (Score:3, Informative)
The summary is misleading. The article is about the MAC app store for desktop applications. Was anyone else left scratching their heads about how the heck they would deploy iPhone apps to the public without the app store?
Big trouble . . . (Score:2)
Man, what's Apple going to do when all these developers leave them to go develop applications to put in Ubuntu's repository and the mobile Windows 8 store?
Last time I checked, Apple's app store is where the money is. Developers don't work on what's convenient unless they're hobbyists. If they're in it for the money they go where the money's at. Does Manager X care that Developer Y has a philosophical disagreement with Apple? Nope.
Personally, I like the idea of sandboxing. It provides stability and security,
Sounds a little butt hurt (Score:2)
Re: (Score:2)
Re: (Score:3)
Apple Defence Force!
ASEMBLEEEEEE!!!!
Has anybody else noticed that the Haterade Addicts are calling four meetings a day now?