Mac App Store Sandboxing Requirement Pushed to March as Uncertainty Looms

[gnasher729]

Oh. Is this why a video screengrabbing app I bought now constantly asks where to save its thumbnails - rather than just dropping them back in the same folder the video files are?

It never used to open a file dialigue to save the resulting thumbnails. It would just drop them next to the source videos.

That is completely unnecessary actually. Every application has its own area in the file system that it can access freely, and that nobody else can access, and in that area it can do what it wants. That's where it should store thumbnails.

I could not agree more.

It's why I stopped upgrading at 10.6.5.

The next rev, 10.6.6 included the Mac App Store.

I really have to wonder about your thought process. If you don't want to use the Mac App Store, don't use it. There is nothing that forces you to use it, whether it's there or not. Just delete the "App Store" application if you don't want it.

 

[AppliedMicro]

It's not like the Mac will only run App Store software.

Not yet.

 

[diddl14]

I wouldn't mind at all if the file system becomes part of ancient IT history where it belongs.

Damm, most of this file-system stuff is 30+ years old and the average user has simply no clue what this whole file and folder thingy really is about.

Some kind of local running iCloud service would be nice, maybe with built-in TimeMachine features and a cleaver way for Apps to share information.

Yes it will impact some or most Apps. But at the end this will drive a kind of innovation in OS architecture that has been long overdue. And to support the legacy stuff, Apps like Transmit might simply run trough a special certification program.

As long as there is a need to use stuff like FTP/SFTP, why not support some trusted "legacy-enabling" Apps. Personally I can't wait for this primitive stuff to no longer be needed...

Only hope Apple can pull it off in a way that keeps innovative App developers on board. But with iOS the've showed that its feasible and more than accepted.

 

[AppliedMicro]

I really hope this doesn't compromise features. Since App Store apps are not likely to be malicious anyway, why limit them? They've been checked by Apple, they're entirely safe. Sandboxing only makes sense if the App is dodgy and thus NOT from the App Store.

Microsoft Windows is not likely to be malicious either, so why limit it in any way? Why update it ever? It has been checked by Microsoft, so of course it's entirely safe.

We've already had this discussion in this thread:

1. Being malicious is another thing as being vulnerable
2. Apple's approval process does not and cannot ensure that approved apps are "entirely safe".
3. Sandboxing isn't so much about weeding out "malicious" apps as it is about limiting the damage once an app has been compromised.

 

[TiggsPanther]

That is completely unnecessary actually. Every application has its own area in the file system that it can access freely, and that nobody else can access, and in that area it can do what it wants. That's where it should store thumbnails.

Aah. So the only way it can put thumbnails next to the source videos (if that's what's required) is by opening a file dialogue and asking the user where they actually want the files placed?

 

[AppliedMicro]

I really have to wonder about your thought process. If you don't want to use the Mac App Store, don't use it. There is nothing that forces you to use it, whether it's there or not.

It's probably a question about philosophy, ethics, and/or belief.

I've had a customer recently who had purchased a Mac second-hand without install CDs (from eBay, classifieds or the like) being "unable to enter the admin password" (in order to reset it or create a new user account) given to him by the previous owner on a piece of paper ...because it contained the number of the devil!

 

[zuk]

If AppStore will be the only way to install apps or if most of software will be available in sandboxed AppStore ... I will pass to linux + win and Android
Sandboxed apps is the most annoying thing on iOS.

 

[AppliedMicro]

What?

Edited above for clarity:
He was "unable" to physically enter the numbers "666".

Even for security purposes it should make sense to update to 10.6.8. If you don't like the App store, just don't use it. Though as I know Apple, I can imagine them prevent non-App-Store software installation quite happily and cold-bloodedly in some future release (10.9).

So for Transmit, all it needs to do is isolate the part of the program that processes arbitrary files (i.e - might potentially execute malicious code), and restrict its access to the rest of the app's features, which should be unaffected.

"Processing arbitrary files" is exactly the point of an FTP program.

 

[Igantius]

When I saw this thread, I thought about Wiretap Studio.

A little while ago, Ambrosia Software advised that Wiretap Studio wouldn’t have all its usual functionality in Lion, due to the OS preventing users from capturing application specific audio (e.g. audio coming from Safari).

It’s looking at solutions – one has been found but Ambrosia says that Apple wouldn’t let it into the App Store, nor would it work with sandboxed apps, so rather understandably has decided to go with that one.

 

[pewra]

"Processing arbitrary files" is exactly the point of an FTP program.

Exactly. That's like restricting the OS's access to /etc/password, 'cos it might steal your hashes.

 

[Winni]

Surely this is overreaction? Just because apps have to start using the sandboxing features, doesn't mean they have to give up features surely? The expectation is that the apps declare the minimum privileges that they require in order to function and, where possible, restrict potentially harmful privileges into smaller, isolated functions.

So for Transmit, all it needs to do is isolate the part of the program that processes arbitrary files (i.e - might potentially execute malicious code), and restrict its access to the rest of the app's features, which should be unaffected.

Unfortunately, it is not that simple and you're wrong about the technical aspects.

The sandboxing requirements won't affect games and most of the trivial apps that are available in the App Store.

However, the App Store versions of BBEdit and Scrivener, for example, already have less features than the versions that you can purchase outside of the App Store. The command line tools of BBEdit are not part of the App Store version because of Apple's restrictions - you can still download and install them separately, but that certainly does not make buying the software from the App Store the "best way" to get software as Steve once boasted. You actually have to obtain two pieces of the same software from two different locations just to get the full functionality. And all that just because Apple does not allow the installation of command line tools in App Store software. That's simply stupid.

Growl, for example, also had to be changed in its design to comply with the CURRENT App Store rules. I'm not even certain if Growl would still function in a sandboxed environment. I do not know the specifics of Growl's current implementation, but there is a good chance that Growl cannot function at all in a sandboxed environment. Growl needs to act as a network server to receive messages from other apps - that's something that sandboxed apps usually CANNOT do. I doubt that any server software will ever be able to run in a "sandboxed App Store mode".

Also, software like Parallels Desktop or VMWare Fusion are already not allowed in the App Store because of today's rules -- and by that I mean without sandboxing. And "sandboxing" would make it technically impossible to write and deploy such software because the required degree of system access is not allowed or possible in a sandbox. It's the whole purpose of a sandbox to NOT allow deep system access.

So, yes, sandboxing DOES limit the possible features of software and in many cases, it makes it completely impossible to develop certain kinds of productive software. Also, a sandbox is only as safe and secure as the most dangerous instruction that it allows; it does not make sense to lower the defenses for certain instructions and otherwise pretend that the castle wall is completely solid.

 

[ade2bee]

wow!

Apart from the fact I didn't upgrade because I have those cute useful lil apps that I cannot live without unusable in Lion, this now is another big reason to stay away.

I love a locked down system in my mobile devices but this is soooooo bad. Although it'll probably go the same way, can i face my windows fanboys today? ... and the Linux fanboys?!

All joking apart, this is more of a serious issue than it looks, as, looking at the apps in the article, they are quite wide ranging and are the 'useful' lil apps some of us are used to... No upgrade for me yet :-(

 

[FourCandles]

If I'm summarising previous comments correctly, then these are examples of apps that wil never make it to the MAS.

• All FTP clients, including combo editors like Coda and Espresso
• Most file syncing/backup utilities (certainly ones like SpiderOak, Box.net etc.)
• Adobe Bridge
• Adobe Dreamweaver (contains an ftp client)
• Any Subversion client
• Adobe Drive

So, IF a future release of OS X/iOS does close the system to MAS apps only, then that pretty much kills the Mac as a web design platform - unless I'm missing something?

 

[Winni]

I wouldn't mind at all if the file system becomes part of ancient IT history where it belongs.

Damm, most of this file-system stuff is 30+ years old and the average user has simply no clue what this whole file and folder thingy really is about.

Some kind of local running iCloud service would be nice, maybe with built-in TimeMachine features and a cleaver way for Apps to share information.

Yes it will impact some or most Apps. But at the end this will drive a kind of innovation in OS architecture that has been long overdue. And to support the legacy stuff, Apps like Transmit might simply run trough a special certification program.

As long as there is a need to use stuff like FTP/SFTP, why not support some trusted "legacy-enabling" Apps. Personally I can't wait for this primitive stuff to no longer be needed...

Only hope Apple can pull it off in a way that keeps innovative App developers on board. But with iOS the've showed that its feasible and more than accepted.

Heck, it is a very safe bet to assume that any clerk, secretary, accountant, lawyer, notary or librarian on this planet knows EXACTLY what files and folders are. They were the reason why this thing is called "(hierarchical) file system" and why they are structured in directories/folders -- they are the digital representation of what these people put in physical shelves...

Your post makes one thing completely clear: You do not know how things work in ANY operating system. Or do you honestly believe that the iCloud does not heavily rely on a file system to store everything that is thrown at it?

What do you think Time Machine and Spotlight rely on to function?

Heck, even most database storage systems require a fully functional file system to store their stuff (only few of them create their own storage systems and abstract it away from the user).

When Microsoft were working on Vista, their original plan was to replace the NTFS file system with WINFS, which essential was supposed to be a (SQL) database server built deeply into the operating system. WINFS basically should become what you were describing with your own words, but as it eventually turned out, it didn't work and thus they dropped that feature from Vista and later versions.

Now Microsoft is a company with infinitely more experience in the database and server sector than Apple and they were VERY serious about replacing the file system as we know it with something more powerful - but despite all their efforts and all the resources that they threw at the problem, they failed.

The clever way for apps to share information is to use a common file system. That won't change. A file centric approach is much more efficient for the user than the app centric approach that iOS tries to impose. People think first about their content, not about the apps that they used to create that content. The truth is that people don't care about the apps as long as they do what they need them to do. Finding content can become a problem once you have too much content - there is a reason why the profession of the librarian was born centuries ago. It's not a trivial task to find your way through a labyrinth of content. That's why all operating systems have search assistants built in.

But it doesn't matter how many abstraction layers and assistants we will pile on top of our content -- it will still have to be stored somewhere, and that will be a file system.

 

[Bentov]

I wouldn't mind at all if the file system becomes part of ancient IT history where it belongs.

Damm, most of this file-system stuff is 30+ years old and the average user has simply no clue what this whole file and folder thingy really is about.

Some kind of local running iCloud service would be nice, maybe with built-in TimeMachine features and a cleaver way for Apps to share information.

Yes it will impact some or most Apps. But at the end this will drive a kind of innovation in OS architecture that has been long overdue. And to support the legacy stuff, Apps like Transmit might simply run trough a special certification program.

As long as there is a need to use stuff like FTP/SFTP, why not support some trusted "legacy-enabling" Apps. Personally I can't wait for this primitive stuff to no longer be needed...

Only hope Apple can pull it off in a way that keeps innovative App developers on board. But with iOS the've showed that its feasible and more than accepted.

Yea, I'm going to go out on a limb and say you have never written a program in your life, and are most likely some type of executive type person. Pie in the sky ideas, with no basis in reality. You do realize that to put files onto a computer you need some type of files system... Even iCloud has a file system.

What you are arguing is how transparent the file system is to the user. While you may think that just having 3 folders named: apps, downloads, documents are sufficient,trust me, it is not. Also, please keep in mind, the only reason you have OSX is because of some 30+ year old technology called unix

 

[The Phazer]

I wouldn't mind at all if the file system becomes part of ancient IT history where it belongs.

Damm, most of this file-system stuff is 30+ years old and the average user has simply no clue what this whole file and folder thingy really is about.

You are terrifying, and wrong. What you want would be a total disaster for everyone.

The Mac App Store really is a disaster for the platform. It's a financial disincentive now to write good software.

Phazer

 

[miografico]

I wouldn't mind at all if the file system becomes part of ancient IT history where it belongs.

Damm, most of this file-system stuff is 30+ years old and the average user has simply no clue what this whole file and folder thingy really is about.

Some kind of local running iCloud service would be nice, maybe with built-in TimeMachine features and a cleaver way for Apps to share information.

Yes it will impact some or most Apps. But at the end this will drive a kind of innovation in OS architecture that has been long overdue. And to support the legacy stuff, Apps like Transmit might simply run trough a special certification program.

As long as there is a need to use stuff like FTP/SFTP, why not support some trusted "legacy-enabling" Apps. Personally I can't wait for this primitive stuff to no longer be needed...

Only hope Apple can pull it off in a way that keeps innovative App developers on board. But with iOS the've showed that its feasible and more than accepted.

I am so sick of reading comments like these and you're a developer... Why do you think no one has come up with a better idea, that has actually stuck for real world work, in the past 30 years, for the graphical presentation of an underlying filesystem? Because the GUI which allows interaction with the underlying data on a machine is an actual digital representation of how humans compartmentalize things.

Before we had the personal computer we made more use of actual desks, actual paper in actual folders, stored in actual drawers. Before the graphical user interface became mainstream and we all used command line based systems, but we still had this representation of digital location based upon directories/folders with files in them.

The iPhone while extremely sandboxed has a screen that is a virtual desktop with applications or folders containing applications. Once again the desk and its drawers. The difference between the personal computer and the iDevice is you are told you can open this drawer, but I have to stand over your shoulder and watch what you do with the information you take out of it. Before we had use of folders on the iDevice why were users clamoring for them? Because as humans the concept of a real world storage mechanism in the construct of a digital representation of a folder is a part of who we are.

At the end of the day what you are asking for is philosophical nonsense that will only lead to complete loss of control and freedom of your device. You just buy into it because you have been slowly programmed/marketed into believing its good medicine. While the interface is becoming more streamlined for ease of use across devices when the day comes where the file, folder, window construct is fully taken away from the personal computer it will be the death of the word, "personal" in the phrase. In the simplest terms that will be the day where I can no longer put what I want on my desk and put what I want into its drawers. As a computer enthusiast since I could walk and as a developer my entire adult life - I won't ever use a personal computer again if that's the case. I'm not going to sit here and remember the days I once had control of my own machine.

We are heading into the dark ages of data not just because computer companies like Apple, Microsoft (you better believe they want to do the same thing) et al. want to control our entire waking digital lives, but because the majority of endusers today have been brainwashed into thinking the concept of freedom is actually a negative thing.

 

[AppliedMicro]

If I'm summarising previous comments correctly, then these are examples of apps that wil never make it to the MAS.

All FTP clients, including combo editors like Coda and Espresso
Adobe Dreamweaver (contains an ftp client)
[/LIST]

No, not "all" FTP clients would be excluded.
Take, for example, the twitter that way already linked above:

http://twitter.com/#!/Cabel/status/131918123673731072

Just look at existing app on iOS: They have their own "data/file space": I.e., an app can edit / operate on its own "projects", files and databases pretty freely. But access for other apps and interchange with other app is severely limited.

You have two different PDF readers installed on an iPad, say GoodReader and iBooks? Each has its own file storage. Want to have the same PDF in GoodReader and iBooks? Import in both apps separately. Or you have to duplicate it from one app to another. Have a PDF in iBooks - want to make a annotation in GoodReader and then go back to reading in it iBooks? It gets really cumbersome, if possible at all.

It's not so much "all-in-one" applications like Dreamweaver that would be hurt by this requirement, as it is "stand-alone" apps with limited (yet maybe refined) functionality.

E.g., in Dreamweaver you could create a "project", Dreamweaver manages the project files for you and offers built-in FTP functionality to send to a server.

Don't like Dreamweavers FTP capability, need certain other functionality not offered by it? You might want to use a specialized FTP client from someone else... like Transmit. The latter however would suffer from this sandboxing requirement. An FTP client incapable of displaying and "arbitrary" local files on its own would be like... I don't even know what to say.

Just google for screenshots of Transmit or other FTP clients: Many employ some variety of a two-column layout:
It is really simple (very, very crude representation coobled together in a minute):

Left column: A list of your localfiles.
Right columen: A list of files on the server.
You can just drag & drop between them very easily.

As I understand it, this wouldn't be possible under the new app store requirements (at least not in a way that an FTP application developer would see fit for his app).

 

[subsonix]

So, yes, sandboxing DOES limit the possible features of software and in many cases, it makes it completely impossible to develop certain kinds of productive software. Also, a sandbox is only as safe and secure as the most dangerous instruction that it allows; it does not make sense to lower the defenses for certain instructions and otherwise pretend that the castle wall is completely solid.

I think the discussion should be about what, if any, policy Apple will enforce, not the sanbox as such. Enforcing the use of sandboxing is ok, as long as there aren't any pre-defined rules regarding access. It's the policy that the discussion should be about, not sandboxing IMO.

 

[wizard]

BS, BS and more BS!

Absolutely correct - sand boxing is bad for innovation. Already we see differences in the same piece of software that is distributed outside app store vs in appStore - for example 1Password, BBEdit, Drive Genius.. lots of others - the versions in the appStore are crippled vs those outside.

I'm fully prepared to give up a little functionality to have apps that don't expose me to security issues. That might not be in every case but those apps that are running outside the sandbox environment will be minimized so that security can be monitored.

Many existing great software will never be allowed in - due to the functionality they provide, i.e., LaunchBar, BetterTouchTool, PathFinder.

Utilities?

Yes, you can still download from outside the app Store but over time more and more applications will be found exclusively in the AppStore.

Yes exactly. This is what we want, that is the vast majority of apps coming through App store.

Either remove the sand box or lighten up the restrictions.

If you loosen up you loose the most important feature of sandboxing, that is the additional security that the facility adds.

Mac software flourishes happily at the moment without sand boxing... almost all ( read 99.99% are safe - a handful are not ).



Your paranoid, no doubt about it. 99.9999999999999999999999% of Mac applications outside the Mac AppStore are absolutely safe.

That is absolute crap, the virus and malware writers have just started to attack Apples systems. They will discover more and more ways to breach the system as we move forward. One big issue is that far to many apps have been written with no concern at all about security.

 

[Stella]

That is absolute crap, the virus and malware writers have just started to attack Apples systems. They will discover more and more ways to breach the system as we move forward. One big issue is that far to many apps have been written with no concern at all about security.

Is it crap? Really? Please list 12 or more malware applications targetted towards the Mac that have been written in 2011. Those are still very much a drop in the ocean.

I still stand by my 99.9999999999% percentage of Mac applications are safe.

Sure attacks will increase in the future ( probably at a slow rate ) but does it warrant paranoia? No.. it warrants balance. Like I said before, Apple tend to tip over the balance of functionality in favour of security ( which harms innovation and software - like the commentary of this story says ).

Yes exactly. This is what we want, that is the vast majority of apps coming through App store.

[/QUOTE]
Your speaking for everyone? The MAS in its present incarnation?

I've no problem with MAS, its the restrictions applied by apple that I have a problem with.

Utilities?

So? They are utility type applications, it doesn't make a difference - they are software. There are other types of software that aren't going on to the MAS anytime soon due to their functionality, or with reduced functionality.

I think the discussion should be about what, if any, policy Apple will enforce, not the sanbox as such. Enforcing the use of sandboxing is ok, as long as there aren't any pre-defined rules regarding access. It's the policy that the discussion should be about, not sandboxing IMO.

Definitely.. sand boxing can be good, but what privileges are an application allowed? Apple need to increase the privileges to allow flexibility but to minimize exploitation.

 

[wizard]

That is pretty much the whole point.

I suspect it affects more apps than you realize.

arn

That is the whole point of sandboxing! You want to limit the capability of programs to damage the system or other apps. The idea isn't really new either as servers often run services facing the wild Internet in change root jails. Apple is simply taking an old concept and applying it to user world apps.

Obviously this solution isn't perfect for every app or user but it is very useful and will go a long way to making the Mac a secure player on the Internet. What I find funny is that many here threaten to switch to Linux but security there can be extremely tight also.

So what we need is for as many of these apps as possible to be impacted before the Mac becomes the most common target on the net for exploitation.

 

[samcraig]

That is completely unnecessary actually. Every application has its own area in the file system that it can access freely, and that nobody else can access, and in that area it can do what it wants. That's where it should store thumbnails.

That's where it SHOULD store thumbnails? I think you mean to say that's where it WOULD store thumbnails. Personally - I think it's up to the user where they want their files stored which helps them be the most productive.

 

[subsonix]

Definitely.. sand boxing can be good, but what privileges are an application allowed? Apple need to increase the privileges to allow flexibility but to minimize exploitation.

Again, it's a policy question. You specify what files your application are using, anything else will be denied by the OS, which is exactly what you want.

 

[Bubba Satori]

You can take the garden out of walled garden, now.
Some people get it, others don't want to.
Ignorance is one thing,
willfull ignorance deserves everything it gets,
or loses.