Apple’s Sandboxing…One Month In

Ted Landau's User Friendly View

It’s now been over a month since Apple began enforcing its sandboxing policies for the Mac App Store. With the dust beginning to settle, what can we conclude?

We certainly can say that the “chicken littles” among the prognosticators have not been vindicated. At least not so far. I haven’t seen hordes of Mac users, pitchforks in hand, storming the gates of Cupertino, demanding that Apple release third-party software from its shackles. In fact, I haven’t seen much in the way of user complaints at all.


On the other hand, there are numerous instances of developers struggling to meet the newly imposed requirements. And there are valuable app features being lost in the shuffle. Here are a few examples: 

• BareBones is currently unable to offer iCloud support in Yojimbo. This is especially a problem for people who had been syncing Yojimbo via the now-shut-off MobileMe. Even when BareBones comes up with a solution (and they will), it will require that users who had been using the stand-alone version of Yojimbo purchase a new version from the Mac App Store. This will impose an unintended payment penalty on existing users — because the Mac App Store does not support separate prices for new and upgrade purchases. BareBones has plans for a way around this, but it won’t be pretty. [Note: This is not directly a sandbox issue, but is related as it requires that the app move to the App Store and thus meet sandboxing restrictions.]

• The Mac App Store versions of BareBones’ TextWrangler and BBEdit lose features. In order to comply with Apple’s submission guidelines, BareBones had to remove the “authenticated save” option (the ability to save changes to files that you do not own) and command-line tools from the Mac App Store versions of these text-editing apps. Personally, the “authenticated save” option has saved my bacon on several occasions; I would miss not having it.

• Rogue Amoeba states that “Apple’s restrictions prevent most of our software from being sold in their Mac App Store.” Piezo is the lone exception.

• Smile announced last month that the new version 4 of its popular TextExpander will not be available from the Mac App Store because it cannot comply with Apple’s sandboxing requirements.

• In order to qualify for admission to the Mac App Store and avoid sandboxing prohibitions, all anti-virus software will have to eliminate its important automatic scanning features.

• The developer of SourceTree announced that sandboxing “will disallow important SourceTree functionality that was previously acceptable under store rules.” As a result, the Mac App Store version of their software will no longer be updated.

• The developer of Alfred explains the unwelcome compromises he had to make in order for his app to be permitted in the Mac App Store.

• The developer of MarsEdit explains the difficulties he faced allowing existing Mac App Store customers to access beta versions of his software. This is more of a general Mac App Store policy issue than a sandboxing one, but it’s close enough that I’m including it here.

• Topher Kessler, writing for my old MacFixIt site, more generally warns that, with sandboxing enforced, developers are likely to lose “the ability to schedule tasks using the system’s launch daemons, or build programs that piggy-back on others. Some such programs include the popular Evernote citation manager for various word-processing suites, or the MoneyWorks financial reporting features that the program appends to Excel or Numbers.”

Jonathan Rentzsch, writing for Macworld, assessed the pros and cons of sandboxing and concluded that the balance of the scales has clearly tipped in one direction: “The bottom line is that sandboxing has effectively collapsed the ambiguity and customers should now purchase their apps directly instead of through the Mac App Store.” That assumes that such a choice exists for a particular app.

I found all of these examples within a few minutes of searching the web. I’m sure there are more.

Point and counterpoint

Not everyone shares the just-cited viewpoints. At the opposite end of the spectrum, John Welch (writing here at TMO) argues that all of these worries about sandboxing amount to (and I’m paraphrasing here a bit) whining by people too ignorant to understand what sandboxing is all about: critical security enhancements. Further, while admitting that sandboxing blocks some apps from the Mac App Store, he dismisses this issue because, by his measure, it only affects a very few apps. And even in cases where apps are blocked, users can easily get the software from outside the App Store.

Based on the list of apps I cited above, I believe the number of apps affected by the new policies is significant. In any case, one must consider both the quantity and significance of the affected apps. Even if only five apps were affected, this could be a big deal if those were five of a user’s most frequently accessed mission-critical apps and features. The jury is still out on this. It remains to be seen how big a deal rejected apps turn out to be.

As for the alternative of buying software outside of the Mac App Store, this presents at least two problems.

First, I believe such alternatives will decrease over time — as financial concerns increasingly persuade developers (especially smaller ones) to focus only on App Store versions (although if the Bodega App Store becomes a success, this could change the dynamics). Rich Mogull, writing for TidBITS, after acknowledging the clear security benefits to Apple’s policies, similarly cautioned: “Is there a downside to mandating sandboxing? Absolutely…Some apps will never be able to be sold in the Mac App Store. This is a problem since, as more users go to the Mac App Store for their apps, it may become economically difficult for those developers to reach a large enough audience.”

In fact, the concerns regarding current software may turn out to be just the proverbial tip of the iceberg. A larger issue, largely hidden from view, is the useful features that may never show up in future software — due to developers tailoring their software to meet Mac App Store acceptance (a matter I covered more in a previous column).

Andy Ihnatko made a similar point when he compared the “App Store vs. externally-sold apps” situation to cable vs. network television shows. Network shows are constrained by numerous regulations in order to qualify for network airing. Cable shows, especially those on premium channels such as HBO, have no such restrictions. By most criteria, the result has been that most of the best shows on television are on premium channels. Andy concludes: “Under the new rules, there’s the risk that Mac software might occasionally be as good as ‘The West Wing’ but it could never be as great as ‘Boardwalk Empire.’ [For the time being], there will be some very real limitations on how good a Mac app can be.”

Second, I expect non-App-Store apps will increasingly be unable to access an assortment of desirable OS X features. This is happening already with apps and iCloud: Apple bars apps sold outside the App Store from syncing data to iCloud. This includes the Documents in the Cloud feature coming in Mountain Lion.

Security

Finally, what about the security advantages of sandboxing? These advantages have been effectively summarized both by Rich Mogull and John Welch. Mr. Welch concluded that “sandboxing is an important part of overall improved security. [It] is something that protects people who don’t know how this stuff works or why.”

I agree. However, I also believe that there can be too much security, especially for people who do know how stuff works. Otherwise, borrowing a phrase from Mr. Mogull’s article, you can wind up sacrificing too much usability in exchange for security.

Can there really be such a thing as “too much” security? Yes. As an analogy, imagine that a public library wanted to reduce its number of lost, stolen and damaged books. To do so, they institute a new set of security procedures. These include metal detectors, background checks, and retinal scans (to confirm your identity each time you want to borrow an item).

Does all of this succeed in reducing theft and damage? Absolutely. But is it worth the cost? My guess would be no. Patrons would rebel at such intrusions; they would rather accept a greater security risk.

The library analogy is not perfect. For one thing, the library’s checks are more onerous than sandboxing on a Mac. However, in the library example, the city is attempting to protect property it owns — as a benefit to the entire community. With sandboxing, Apple is attempting to limit features of the software you install on your Mac for your own personal use. To me, that gives Apple less latitude (although I am well aware that this is a hotly-contested debate).

It would be great if Apple could find a way to allow “advanced” users to optionally bypass sandboxing restrictions, such as via expanded Gatekeeper settings. However, this might wind up trading one set of problems (too much security) for another (too little security). In any case, as Apple has shown zero inclination to do anything like this on iOS devices, I doubt they have any plans in this direction for the Mac. So I’m not going to waste my time contemplating this possibility.

In the end, my best hope is that things will improve over time — as everyone adjusts to the new world order. After seeing how things work, and after assessing developer feedback, Apple may relax some of its policies. At the other end, developers may find better ways to maintain their apps’ features and still live within sandboxing’s constraints. Where no middle ground can be found, users will be content with the minor sacrifices that result. A year or two from now, we may look back and wonder why we ever made such a fuss about this in the first place. That’s my best hope. I should warn you, however, that my best hopes are rarely realized.

Comments

haineux

How many Apple apps are running Sandboxed at this time?

I believe the number is zero.

UrbanBard

This reminds me of a brouhaha back on the original MacOS. The deal was that developers were making direct calls to hardware despite the fact that Apple was pushing APIs which were a little slower. It was in the developers’ interest not to cooperate with Apple’s deadlines. Apple extended the deadlines when the developers did not meet them. Some developers, then, chose not to meet the extension.

Apple lowered the boom by rendering hardware calls inoperative. Pundits broadcast that Apple was a huge villain. Eventually, the recalcitrant developers toed the line when Apple refused to budge. Those developers had over three years notice and chose not to cooperate. Then they blamed Apple.

Apple is constantly being hit by claims that OSX is insecure, despite the fact its malware is a tiny fraction of MS Windows. Apple has been making steady moves toward 64 bit security (including sand boxing) since 10.5 leopard was issued.

Now, we have a claim that OSX has too much security when it is not users who are complaining. Apple needs developers, so it puts up with a bit of guff from them. But, how much time do they need to get their act together? Is four years of lead time long enough? Apparently not.

Why do developers add features which they know will not pass Apple’s security plans. These are not stupid people. They just think they can railroad Apple into doing their will.

Ted Landau

Why do developers add features which they know will not pass Apple’s security plans.

Everything you wrote assumes acceptance of the premise that what Apple wants to do is (or should be) the agreed ultimate goal. I don’t agree. The reason developers want some of these features is that they are worthwhile, despite Apple’s prohibitions. And many of them pre-date all of this. They have not been “added” recently. Rather, they are being “subtracted.”

Bosco (Brad Hutchings)

Sorry. I didn’t read much more of the article before posting the comment. Now I get what Ted was doing there. About John Welch:

... John Welch (writing here at TMO) argues that all of these worries about sandboxing amount to (and I’m paraphrasing here a bit) whining by people too ignorant to understand what sandboxing is all about: critical security enhancements.

John is either a moron or a tool. I’ll give him credit and call him a tool. I guarantee that the extent of his security experience is reading the Apple press release on sandboxing, because he shows no nuanced understanding of the subject. I dismissed his column and further debate as fanboy raving.

Ted Landau

Pretty low blow there, Ted. It’s petty crap like this that makes me recommend people just stay away from the cult of Apple as much as they can.

Wow. I hope this is an attempt at humor on your part. Otherwise, I don’t get it.

All I was saying was, if people predicted doom as a result of sandboxing, it didn’t happen. Most people are still contentedly using their Macs and not much noticing the change. I don’t see how this is a “low blow.” And I think it’s pretty clear, from the rest of the article, that I am not giving Apple a pass here. I just don’t see what your beef is.

iJack

Pretty low blow there, Ted.
You can’t even have an honest disagreement with something Apple does without being mocked.

TMO agitprop.

Ted Landau

Sorry. I didn’t read much more of the article before posting the comment.

I can think of several witty and sarcastic replies here. But I think you can imagine them as well. :)

Bosco (Brad Hutchings)

Well anyway, like I said, I read that line completely wrong and went off. But regardless, I still recommend that people just stay clear of Apple stuff right now. I’ve already had several people I advise ask me about the MAS saying that they are being told by Apple that non-MAS software is less secure, and I just see that as dirty pool. Not as in cheating at billiards, but as in someone dropped a deuce in the pool.

Eventually, people will figure this out. Channel competition like Bodega will need to undercut the bogus security claims, and independent developers that distribute directly will educate their customers. Calling it what it is, i.e. a money grab by Apple, may seem bombastic today, but it will become the common conclusion soon enough.

UrbanBard

“Everything you wrote assumes acceptance of the premise that what Apple wants to do is (or should be) the agreed ultimate goal.”

I never said that. My reasoning is far more nuanced. I’m saying that what those earlier developers did, foot dragging, didn’t work.

Apple is not always right. It is up to the market place, not Apple nor the developers, to determine that. Apple has gotten a bloody nose, plenty of times, for being presumptuous. Even so, OSX is preferable to MS Windows.

“The reason developers want some of these features is that they are worthwhile, despite Apple’s prohibitions.”

You developers are playing in someone else’s sand box and you want to call the shots? Some people have no respect for other people’s property.

“And many of them pre-date all of this. They have not been “added” recently. Rather, they are being “subtracted.””

Does Apple have a right to determine what direction its property will be taken in? Will it not be unsuccessful if it won’t listen to other people? Can Apple have a vision which is not shared by its developers? Are ethics a mystery to you?

Ted Landau

Are ethics a mystery to you?

Anyone who can seriously ask this question in this context is not worth my time to respond. Thanks for your comments. I’ll be moving on.

AdamChew

Thanks for writing out of the box thinking articles and these articles will either get you a lot of brickbats or kudos.
I am a diehard Apple products user from day one and I always recommend Apple products because they are easier to use and safer too.
I will be doing my friends a disservice by recommending them an OS which requires a geek to reconfigure.
Coming back to your articles I wish to congratulate you for the courage to write them and to stay the course.
And thanks for the many interesting articles.

Peter Maurer

Thanks for this summary, Ted. As an affected Mac utility developer, the lack of Mac users with pitchforks in hand is indeed the most interesting and disillusioning part of the whole story.

One might argue that said lack is in part due to the fact that Apple turned the attack on non-sandboxable apps into a sneak attack – they opted to keep those apps in the Mac App Store and merely bar them from updating their apps in any significant way. And that of course means that a lot of users still buy those apps without even being aware of the issue.

In fact, I wouldn’t be surprised if that’s actually the majority of the Mac App Store’s customers. They’ve never heard of the sandboxing controversy, and all they’ll ever notice is that some apps stopped evolving at some point – especially those apps whose developers failed to build a way to talk to their customers into their apps when there was still time to do so (i.e., before July 1st). As you know, we get zero data for App Store customers, so we can’t contact them directly. Our only option is to go through the app.

Regardless, it’s ultimately the users’ decision. If they don’t revolt, they will indeed have taught us developers a lesson: What we do isn’t as important as we thought. Time to come up with new, less integrated, more sandboxable app concepts.

bullyt

I have an email list of 23 Mac users that I use to notify them of important security updates. I will wager that none of them use any of the products that you lament will be affected by sandboxing. For those who do use them, they will know where to go to get updates. As I see it, the vast majority of Mac users will be positively served by the changes in the OS. All of the users on my contact list just want to surf, email and use their Macs in a safe environment as they’ve come to expect in the Mac universe. This is another positive step in that direction.

John C. Welch

At the opposite end of the spectrum, John Welch (writing here at TMO) argues that all of these worries about sandboxing amount to (and I’m paraphrasing here a bit) whining by people too ignorant to understand what sandboxing is all about: critical security enhancements.

If by “paraphrasing” you mean “I decided that because you don’t view sandboxing the way I do, you told people they were whining”, then yes, you did in fact, paraphrase.

I call this a “nontroversy” because that’s what it is to my eyes.

You want “advanced” users to bypass sandboxing? that’s already available ted: don’t sell on the MAS. Done. Sandboxing not required.

You’re doing what a lot of people are - using Sandboxing as an excuse to beat Apple about the MAS. They aren’t the same thing.

Here’s my question: Knowing that the MAS will not allow sandboxing, and knowing why, how many application devs have sat down to come up with their own solution?

There’s nothing in Lion, or Mountain Lion (that’s available publicly) which would prevent an external application store ala Steam. In fact, Steam is actually a great model here, as they have some features that all the other App stores wish they had.

So why not band together, pool resources and come up with an easy to use alternative? You need hosting, (Amazon or similar), you’d need a framework to tell people when updates are available, (sparkle + optional Growl) and a payment processor. These are all solved problems. Put on the front page of the store “WE DON’T CHECK ANYTHING. If an application does something bad, we’ll see about removing it, but we vet nothing before the fact. All applications are welcome here, all liability is assumed by the customer, namely you.”

Is this easy in the “oh just give me ten minutes” way? No, it would not be at all. But is it astronomically difficult? Hardly. And, there are already similar constructs available that might be amenable to partnering to help expedite the setup details.

The only thing left would be marketing, and that’s one that a lot of indie devs are sometimes not so good at. Some have baldly stated they only want word of mouth. That’s their right, but I think they need to stop letting their bad opinions of marketing color the real-world benefits to letting the world know what you’re up to in an organized fashion.

I am continually fascinated that a group of people who talk about how “independent” they are, how they work for themselves, how they do it all will sit there and then demand Apple do it all for them. Apple doesn’t want you in their App store? Build your own, and show them how it’s done. Yes, marketing et al is hard, but come on, isn’t that part of being independent? Not relying on someone else to do it for you?

Before someone starts with the YOU DON’T KNOW WHAT IT’S LIKE, a previous gig I had was doing training for Apple operating systems. The company, mistakenly, relied on Apple’s marketcenter blast emails to do their marketing for them. Note the company is no longer in business because Apple changed how they did things, and the company went under. Took about a month. Apple does what is best for Apple.

There is nothing preventing the creation of a non-Apple App Store. There is nothing preventing it from being easy to use, (Easier even. The MAS isn’t the end all and be all here), and more open to customers.
There is nothing preventing the people behind it from getting the word out.

Well, except for the devs who would benefit from it actually doing it.

John C. Welch

John is either a moron or a tool. I’ll give him credit and call him a tool. I guarantee that the extent of his security experience is reading the Apple press release on sandboxing, because he shows no nuanced understanding of the subject. I dismissed his column and further debate as fanboy raving.

On the subject of how one qualifies for being either a moron or a tool, I bow to your obviously superior knowledge and life experience in both categories.

NovaScotian

The perfect analogy for “too much security” is TSA. There is very little evidence that their draconian searches have improved America’s security. I feel the same way about Apple’s sandboxing to the extent that it is made unavoidable.

skipaq

As a long time (starting with a Mac Plus) Mac user and non-dev; I look forward to the new changes. I know where to find software outside of the MAS. However, that is a very rare need.

I don’t buy high end products as they are pricey for my needs. I tend to purchase mid-ranged priced products. Lean apps are preferred and bloated apps are avoided. That puts me in the consumer target Apple aims to please. Most computer users I know have even smaller app needs than I do.

That is why this is a dev/pro user tempest. It will remain such and vanish IMO.

skipaq

John C., thanks for a best laugh of the day.

UrbanBard

UrbanBard said:
“Are ethics a mystery to you?”

Anyone who can seriously ask this question in this context is not worth my time to respond. Thanks for your comments. I’ll be moving on.

Many people in the Open Source community are ethically challenged. They do not believe that there should be restraints on their behaviors. I was asking you to prove that you were restrained. You chose to move on. Who is being unserious?

I ask because your illustration of Apple’s excessive security is dubious.

“Apple’s submission guidelines, BareBones had to remove the “authenticated save” option (the ability to save changes to files that you do not own) and command-line tools from the Mac App Store versions of these text-editing apps. Personally, the “authenticated save” option has saved my bacon on several occasions; I would miss not having it.”

What “Authenticated save” does is litter in someone else’s files. That may be convenient, but how is that ethical? Can you see the possibilities for abuse which Apple might want to curb?

We have a different vision of Mac OSX. I am approaching this from a consumer perspective. I don’t favor the management or the developers. Both have let me down.

Both need to be held accountable to serving my needs or I will go elsewhere. Unfortunately, there are few alternatives.

Gustav

Why do developers add features which they know will not pass Apple’s security plans. These are not stupid people. They just think they can railroad Apple into doing their will.

1. They added them before Apple imposed sandboxing restrictions. Not only that Apple has added some after a while too. Apple hasn’t been clear about these entitlements up until last month.

2. Customers want these features. Part of what makes the Mac platform great is software that can interact with other apps and the system. If you want islands of apps like on iOS devices that can’t provide functionality to other apps or to the system as a whole, then so be it. But many Mac customers want more than that.

They don’t want to railroad Apple - they want Apple to see that there is productive use in features that they do not allow.

That’s not even getting into the discussion of whether sandboxing will help vs. security certificates alone. Is it a real protection or just “security theatre”

Peter Maurer

If by “paraphrasing” you mean “I decided that because you don’t view sandboxing the way I do, you told people they were whining”, then yes, you did in fact, paraphrase.

Since this is turning into a discussion about text interpretation, I’ll add my spontaneous impression to the data set: When I read what you wrote about sandboxing on MacObserver and Twitter (some of it as part of a discussion with Rob Griffiths, who happens to be my business partner), I did indeed get the feeling you were calling us whiners.

And you may have a point. But if you ever wondered _why_ we turned into whiners, it’s because Apple actively encouraged us to join the Mac App Store; they built the Mac App Store’s success on non-sandboxable apps to some extent. And then they turned around, introduced mandatory sandboxing, and gave us the (delayed, see my previous comment) boot. It’s just like you said:

Apple does what is best for Apple.

It’s arguably within their rights to do so, and this may even be the best for most of Apple’s customers as well. At the same time, I do think we developers have a right to be grumpy about Apple’s bait and switch maneuver.

As far as the creation of a non-Apple App Store goes, the thing about getting the word out is that Apple’s store is installed on every new Mac by default. So making users aware of an alternative, independent store will always be an uphill battle. It’s basically the situation we were in before 2011, only worse: Back then, we didn’t have to compete with Apple with regard to educating users about what kinds of software the Mac software universe consists of.

Yes, we could still give it a try. But it’s hard to tell whether the continuing effort would be justified by the visibility gain, compared to educating users to use web search in addition to looking at Apple’s app store.

Ted Landau

If by “paraphrasing” you mean “I decided that because you don’t view sandboxing the way I do, you told people they were whining”, then yes, you did in fact, paraphrase.

I guess my statement was influenced by the crying (whining?) baby in the graphic of your article.

You want “advanced” users to bypass sandboxing? that’s already available ted: don’t sell on the MAS. Done. Sandboxing not required.

I tried to address the problems with this “solution” in my article. Apparently, I didn’t do it to your satisfaction. So be it.

There’s nothing in Lion, or Mountain Lion (that’s available publicly) which would prevent an external application store ala Steam.

I agree with you here. I even mentioned the Bodega store, as an example, in my column. It looks quite promising.

You’re doing what a lot of people are - using Sandboxing as an excuse to beat Apple about the MAS. They aren’t the same thing.

I know what you mean here. I even admitted it in reference to the MarsEdit quote. However, it can get hard to separate the two. For example, if you want your app to be able to sync with iCloud (not exactly a sandboxing issue) you have to be in the App Store which then means your app has to meet sandboxing requirements (which the app may not be able to do).

Ted Landau

I recently tripped over another instance where Apple’s iCloud restriction is likely to cause problems for a developer. It’s not a huge deal, but I believe it’s worth mentioning.

Last week, I wrote about ScanSnap scanners. Their software includes a Scan to MobileMe option. As MobileMe no longer exists, I presume that they would like to replace the option with Scan to iCloud.

The problem is that Fujitsu does not make their ScanSnap software publicly available on the web (only a limited selection of updates are available from their site, where what you can get depends on what scanner you own and what software version you currently have). The only way you initially get the software is by buying one of their scanners. There is no easy way that Fujitsu could maintain this sort of control over the distribution of their software, if they had to put the software in the App Store. Maybe they could do something like what Apple does for downloading beta versions of Mountain Lion, but I doubt they will. And unless the software is in the App Store, there is no way to add iCloud support.

Actually, as I think about it more, I’m not sure adding an iCloud option, even if Apple allowed it, would work in this case. Unlike with MobileMe, there is no way to directly access iCloud files from the Finder (unless you go to the “secret” Mobile Documents folder in your Library folder, which Apple doesn’t want you to do). So it’s not clear how a user would “officially” access scans saved to iCloud. There may be a way around this, but this becomes yet another awkward obstacle to overcome.

So I am guessing that iCloud support is not a feature that we will be seeing on future versions of ScanSnap software.

UrbanBard

The perfect analogy for “too much security” is TSA. There is very little evidence that their draconian searches have improved America’s security.


The fallacy here is assuming that TSA was ever intended to enhance security. Can you come up with another reason? I can.

I feel the same way about Apple’s sandboxing to the extent that it is made unavoidable.

Sand boxing is new. Anything new will have problems. The developers will adjust and find ways to restore features. In the main, this is a good thing. The complaint is that it costs the developers labor which they don’t get paid for.

UrbanBard

UrbanBard said:
“Why do developers add features which they know will not pass Apple’s security plans. These are not stupid people. They just think they can railroad Apple into doing their will.”

1. They added them before Apple imposed sandboxing restrictions. Not only that Apple has added some after a while too. Apple hasn’t been clear about these entitlements up until last month.

Perhaps, those developers were out of the loop. I could see hints of this coming years before Apple started taking steps in Leopard 10.5. But then, it was never in my interest to ignore the possibility.

2. Customers want these features. Part of what makes the Mac platform great is software that can interact with other apps and the system.

The only way you can prove that customers want those features is that they choose your app over a competitor. Many features are ignored by consumers because they are for show, not utility.

If you want islands of apps like on iOS devices that can’t provide functionality to other apps or to the system as a whole, then so be it. But many Mac customers want more than that.

What if customers see those functions as clutter and bloat like in a Windows app? Apple is always pushing for simplicity while its developers push for complexity.

They don’t want to railroad Apple - they want Apple to see that there is productive use in features that they do not allow.

Sometime, neither has a clue as to what the customer wants. Besides, there are many customers and their needs may vary.

That’s not even getting into the discussion of whether sandboxing will help vs. security certificates alone. Is it a real protection or just “security theatre”?

Time and the market place will tell. Apple has made mistakes before and corrected itself. What Apple is doing is to extend the computer marketplace to people who would never think of owning a computer a few years ago. Is this a bad thing? Not necessarily, but some developers may feel more comfortable programming for Windows.

Bosco (Brad Hutchings)

You’re doing what a lot of people are - using Sandboxing as an excuse to beat Apple about the MAS. They aren’t the same thing.

Truly the most meaningless parse of the issue I’ve seen. If not for the MAS, why would a developer deal with the sandbox? I’m curious if you know of any visible benefits that aren’t actually there.

Here is what the sandboxing / MAS tie-up is like. Imagine you take your family to the airport and there are two security lines, of which you must choose one. The first is TSA as you see in most airports today. The second has no patdowns, no scanners, no delays, but 500 feet of shrill, whiney people yelling at you about how you don’t take the safety of yourself, your family, or America (“f—- yeah!”) seriously. They yell that you have no ethics, probably cheat on your taxes, don’t pick up after your dog. They yell at your kids for urinating in the public pool. They call your wife a cheap whore, and make little inch-long gestures directed at your manhood.

Basically, what they would do is try to make the social costs so high that you’ll gladly let some fat dude in a blue glove handle your junk while another blue gloved “woman” (if you want to call her that) fondles your pre-teen daughter’s chest. That is what Apple is doing with MAS and Sandboxing.

It’s just like with airplane terrorism, billions of people except for handful of nutjobs were never the problem. Most developers are conscientious, passionate about their products and customers, and are not the problem.  Yet they are the ones being punished in the name of “security” or Apple getting its 30% or whatever.

John C. Welch

Sigh, because multi-level quotes here are borked beyond belief…

I said
You’re doing what a lot of people are - using Sandboxing as an excuse to beat Apple about the MAS. They aren’t the same thing.

then brad said:

Truly the most meaningless parse of the issue I’ve seen. If not for the MAS, why would a developer deal with the sandbox? I’m curious if you know of any visible benefits that aren’t actually there.

Here is what the sandboxing / MAS tie-up is like. Imagine you take your family to the airport and there are two security lines, of which you must choose one. The first is TSA as you see in most airports today. The second has no patdowns, no scanners, no delays, but 500 feet of shrill, whiney people yelling at you about how you don’t take the safety of yourself, your family, or America (“f—- yeah!”) seriously. They yell that you have no ethics, probably cheat on your taxes, don’t pick up after your dog. They yell at your kids for urinating in the public pool. They call your wife a cheap whore, and make little inch-long gestures directed at your manhood.

Basically, what they would do is try to make the social costs so high that you’ll gladly let some fat dude in a blue glove handle your junk while another blue gloved “woman” (if you want to call her that) fondles your pre-teen daughter’s chest. That is what Apple is doing with MAS and Sandboxing.

It’s just like with airplane terrorism, billions of people except for handful of nutjobs were never the problem. Most developers are conscientious, passionate about their products and customers, and are not the problem. Yet they are the ones being punished in the name of “security” or Apple getting its 30% or whatever.

my response:

That’s the beauty of life brad. You’ve already decided I’m a moron or a tool, so why would I bother to even TRY to engage you on this? Anything I say in disagreement with you will be summarily dismissed by you as pro-Apple stupidity because after all, you guarantee

that the extent of his security experience is reading the Apple press release on sandboxing, because he shows no nuanced understanding of the subject. I dismissed his column and further debate as fanboy raving.

Since you’ve already dismissed what I say as “fanboy raving”, there’s no point in bothering with you. You’ve precisely zero interest in actually discussion, but rather are searching for nothing but talking points with which to hold me up as a moronic raving fanboy tool.

Good luck with that.

Bosco (Brad Hutchings)

Since you’ve already dismissed what I say as “fanboy raving”, there’s no point in bothering with you. You’ve precisely zero interest in actually discussion, but rather are searching for nothing but talking points with which to hold me up as a moronic raving fanboy tool.

I keep trying to give you an in, here. Here are some questions you could answer so that we might be able to decide if my intuition about your knowledge is correct, or if you really know anything about the subject. Feel free to answer these for us, as they would give wider context to the technical certainty you project.

1. Ever developed a software product?

1a. [added in edit] Ever made distribution decisions about a software product you developed?

2. Why would a developer “sandbox” (a terrible verb, but that’s how the kids are talking) an app if he has no intention of publishing through MAS?

3. Did you have an opinion on 3rd party tools/libraries for iOS apps two years ago? Dated link appreciated.

4. Two sentences: describe the relationship between Flash and AIR.

Thanks!!

webjprgm

Do we really need a mud fight here?  I skipped most of the comments on this article (anything with one of the three or four arguers defaming or defending themselves).

This is a very interesting topic, on which we could be having some very interesting debate.

iJack

A Higgs boson walks into a Catholic Church.
The priest says “We don’t allow Higgs bosons in here!”
The Higgs boson says “But without me, you can’t have mass!”

webjprgm

Comments on Sandboxing:

The idea is to restrict apps to doing only what they say they are doing, thus if an app is compromised (e.g. by a buffer overflow attack), it cannot touch anything more than what it’s designed to touch.  For example, if there’s a buffer overflow attack in a TIFF image processing library, then Preview or Safari being affected won’t allow installation of a root-level backdoor, but might be able to mess with a few of the user’s personal files.

The problem is that Apple has not made entitlements that allow all apps to function properly.  And yes, Apple does have some apps that use sandboxing.  In Mountain Lion there are a bunch of them, like TextEdit, Preview, and I think Mail (but am not sure).  In theory Apple will add further entitlements over time.  In practice there may be some that they never add, and at the moment there are many that are missing, resulting in the complaints listed at the beginning of this article.

Can an app sell its main bundle through the Mac App Store and then have a free add-on distributed through their website that adds the rest of the features?  For example, I use TextWrangler’s command line tools a lot (just the “edit” command, really), so could I download those tools from BB’s web site to complete TextWrangler downloaded through MAS?  Some features might be harder to add this way, like the authenticated-save, but with some clever plug-in architecture I wonder if that would work too?

Comments on Mac App Store:

The Mac App Store is a very easy way for small software developers to get into the business.  Remember back in the day when AmbrosiaSW.com was a good place to go for the latest Mac games?  It’s not anymore, because small developers don’t need Ambrosia’s clout to distribute Mac games, they use Apple’s via the MAS.

But still, the first place I look for software is Google.  That leads me to forums and reviews, and then to the developer’s web site.  If that links me to the MAS, fine.  But they could easily offer their apps for sale through their own site or some other site.  The other day I needed to install VLC on a Mac (my sister’s).  Google -> VLC website -> download.

What about Bodega?  Well, I’m not looking for a million competing software distribution channels.  If it’s a web site, fine, but if I have to install everyone’s MAS-clone, I’m probably going to look elsewhere.  I used to use Fink, and then when MacPorts was more popular I dragged my feet because I didn’t want two competing software installation methods.  Those two can conflict with each other.  When I set up a new computer in 2011 I switched to using only Homebrew.  An advantage that Linux distros have is that each distro has standardized on a single software distribution channel (even though the user has the option to use other ones).  So on the Mac I’m also looking for a single channel, and that’s most likely going to be MAS for apps (and still Homebrew for command-line stuff and libraries for now).

Since you can sell with or without the Mac App Store, and since Google works fine for getting apps, and since there are web-site based channels for software distribution that still work, I’m not much worried now.

But iCloud is the part that bothers me.  Only MAS store apps can use iCloud?  That’s horrible.  That means an app that doesn’t meet Apple’s policies for the MAS is unfairly punished embargo-style by blocking the use of iCloud in addition to blocking the use of MAS as a software distribution channel.  In the BBEdit / TextWrangler case, for example, that means they can’t just ditch the MAS if they want iCloud features, but then they need to drop all their other features or else use the separate add-on idea I mentioned above.  If the add-on idea works, then this turns out to be a non-issue and I’ll be happy.

Or could you sell MyApp iCloud Enabler via the MAS that is nothing more than a middle-man for storing your app’s content in iCloud, then sell your real app separately?  I’m not sure what Apple’s policies are with respect to that.  Could you even implement a Dropbox-like storage app in iCloud, or would Apple deny that one?  Anyway, there are things for developers to figure out.

webjprgm

Oh, I thought of one more thing.  iCloud for MAS apps only also means Apple grabs 30% of app sales for any app that wants to use iCloud.  That’s a huge tax if you are only using MAS so you can get iCloud, but is irrelevant if you were already using MAS for software distribution.

If you can split your app into two pieces then this is fixed.  E.g. have a $20 app you sell yourself and a $2 app on the MAS, then your main app talks to the small MAS one to do all iCloud storage.  This is dependent on whether Apple allows this kind of behavior.

Terrin

I keep trying to give you an in, here. Here are some questions you could answer so that we might be able to decide if my intuition about your knowledge is correct, or if you really know anything about the subject. Feel free to answer these for us, as they would give wider context to the technical certainty you project.

1. Ever developed a software product?

1a. [added in edit] Ever made distribution decisions about a software product you developed?

2. Why would a developer “sandbox” (a terrible verb, but that’s how the kids are talking) an app if he has no intention of publishing through MAS?

3. Did you have an opinion on 3rd party tools/libraries for iOS apps two years ago? Dated link appreciated.

4. Two sentences: describe the relationship between Flash and AIR.

Thanks!!

Like if somebody called you a tool or moron, you’d bother answering that person’s questions. That would confirm you were a later.

John C. Welch

Brad said:

I keep trying to give you an in, here.

Aw, I’m flattered big guy, but I’m married.

Here are some questions you could answer so that we might be able to decide if my intuition about your knowledge is correct, or if you really know anything about the subject. Feel free to answer these for us, as they would give wider context to the technical certainty you project.

I wish I may, I wish I might, care what Brad thinks of me on any night.

1. Ever developed a software product?

Ever hung out in a men’s locker room?

1a. [added in edit] Ever made distribution decisions about a software product you developed?

Ever watch gladiator movies?

2. Why would a developer “sandbox” (a terrible verb, but that’s how the kids are talking) an app if he has no intention of publishing through MAS?

Why do birds suddenly appear,
Every time, you are near?

3. Did you have an opinion on 3rd party tools/libraries for iOS apps two years ago? Dated link appreciated.

Have you never been mellow?

4. Two sentences: describe the relationship between Flash and AIR.

I’m sorry, you’ll have to actually write two sentences for that to make any sense.

Thanks!!

You don’t get to come back tomorrow!
You don’t get a year’s supply of Rice-a-Roni, the San Francisco treat!
You don’t even get a lousy copy of our home game!

One developer

Nothing is secure on a computer. There are still ways to hack the new OSX 10.8.
BTW. a system which is connected to the internet, is never secure.

It is just a way to make money.
Apple forces developers to pay $99/year and give them a “developer ID”.
The programs of a developer without a developer ID cannot run on OSX 10.8. So the developer have either to pay or to die.
They will control the whole mac market. This is “think different”.

iJack

They will control the whole mac market. This is “think different”.

Isn’t this the exact kind of corporate behavior that has landed Microsoft in court several times?  I remember that we all laughed with glee.  Maybe it’s time for some court to give Apple a smack in the chops.

UrbanBard

Some of the comments here are strange. I doubt that Apple has fiendish designs. Nor is it, likely, to want to control the whole Mac market. Please park your paranoia at the door.

Apple is just at an inflection point; the move in Mountain Lion to 64 bit hardware is demanding that it give its developers deadlines. Neither Apple nor the developers have a history of liking deadlines.

Most of Apple’s attention is on iOS, not OSX. But, iOS needs content which tends to be developed on a Mac. Improving security is not a current necessity, but adding ASLR, DEP and Sand-boxing can cut down on Apple’s detractors.

This is all about the process of migrating from a stand alone computer file system, where the user or developer can control anything, to a modern multi-user OS. Mountain Lion completes the process of moving from NeXTstep to Mac OSX.

It has been a difficult journey with detours into Carbon, Java and Flash which it is slowly discarding. Some people never like giving up the past. It will be interesting to see where Apple takes us, but one thing is certain: Apple will never run out of complaints.

iJack

Please park your paranoia at the door.

Another smug jerk critique.  Don’t like the ‘strange’ comments?  Then bugger off.

One developer

Isn’t this the exact kind of corporate behavior that has landed Microsoft in court several times? I remember that we all laughed with glee. Maybe it’s time for some court to give Apple a smack in the chops.

exactly. The fact is, I’m not against Apple. I love Apple and its innovations and ideas. BUT the way it takes to make profit is wrong. Nobody should force someone to do something.

You wanna make the OS secure, OK ( I don’t think that sandbox is secure, but this is another story). Register each developer and give them an ID without charging them for nothing.

We, a bunch of developers are thinking about suing Apple because of forcing developers to pay money for an ID and planning to control the Mac-market. AGAIN, without an dev-ID my programs will not run on OSX 10.8.

Just facts, no dreams.

UrbanBard

iJack, If you have a good case against Apple, then prove it. The DOJ is unlikely to class Apple as a monopoly until it has over half of the Phone market. What is it now? 10%?

I don’t need a good case to doubt you. Doubting you does not mean that I am necessarily Apple’s advocate. I’m just trying to look at all sides. Until someone can prove Apple’s malevolent intent, why should anyone believe it?

One developer, It is against no law to charge developers an entry fee. You are free to develop for some other OS. Do you think that Apple owes you anything? Is $99 such a big deal? Where are you from? Bangladesh?

Also, no computer system is perfect or 100% safe. It is delusive to think that one could be. The reality, though, is that 95% of the malware is on MS Windows, 4% is on Linux and the rest is on the Mac. That doesn’t say that the Mac is good so much as that the competition is lacking.

Bosco (Brad Hutchings)

Also, no computer system is perfect or 100% safe. It is delusive to think that one could be. The reality, though, is that 95% of the malware is on MS Windows, 4% is on Linux and the rest is on the Mac. That doesn’t say that the Mac is good so much as that the competition is lacking.

A completely meaningless statistic, if even true. In April, Sophos found that 20% of Macs actually harbor malware. Much of that harbored malware is for Windows, but imagine having a bunch of Macs in your organization that are harboring this stuff. It’s like having someone immune to syphilis spewing his DNA all over your living space.

Security experts trained by Apple press releases think that sandboxing is the solution. Well, no, because Macs can still harbor other threats, and let’s face it, Macs are now becoming the platform of choice for the less technically inclined, those who won’t ever understand that forwarding chain letters with attachments pose severe risks for recipients.

iJack

If you have a good case against Apple, then prove it…
Until someone can prove Apple’s malevolent intent, why should anyone believe it?

Bvllshit!  I don’t have to prove anything to you.  That’s a job way above my pay-grade.  I’m not the only one here that thinks something is amiss with Apple’s course of turning OSX from a tool into a toy.  I don’t care if you believe me/us or not, but your ‘park your paranoia’ and ‘strange comments’ cracks were too much for me not to respond.

This isn’t the only thread on TMO where this ongoing subject (by which I mean much, much more than mere ‘sandboxing’) has been discussed, and I don’t feel like catching you up.

Take a side, don’t take a side; I couldn’t care less.  But if you take swipe at me personally, be prepared for double the same in return.

UrbanBard

“A completely meaningless statistic, if even true. In April, Sophos found that 20% of Macs actually harbor malware. Much of that harbored malware is for Windows, but imagine having a bunch of Macs in your organization that are harboring this stuff.”

That is the reason Apple advised Anti-virus software.  I periodically run ClamXAV, as a kindness. But, better yet, let’s get rid of MS Windows. That is the real infection source. Why do you obsess about the 1% and not the 95%?

“It’s like having someone immune to syphilis spewing his DNA all over your living space.”

Gad, What an absurd argument. Are you saying that clean DNA is a problem? Everyone leaves behind DNA just by existing; skin is always flaking off, we breath out, we cough, etc. It usually harms no one.

I think the example you were seeking was Typhoid Mary, not Syphilis. Besides, you are much more likely to get infected by another Windows user.

There is also no ONE solution; security is an ongoing problem. Neither ASLR, DEP nor Sand boxing is THE solution, because Macs don’t get infected now. But, they might in the future, so let us have it as a preventative. As I said, this is part of the long awaited upgrade to 64 bit hardware.

“Macs are now becoming the platform of choice for the less technically inclined, those who won’t ever understand that forwarding chain letters with attachments pose severe risks for recipients.”

That is why Apple is upgrading security.

I have a question. Why should we Mac users care about Windows users, when they are, so often, unpleasant?

John C. Welch

It is just a way to make money.
Apple forces developers to pay $99/year and give them a “developer ID”.
The programs of a developer without a developer ID cannot run on OSX 10.8. So the developer have either to pay or to die.

That’s completely incorrect. You can in fact tell Mountain Lion to run any application you’d like. It’s not the default (then again, neither is MAS-only), but what you’re stating is, in fact, untrue, as shown by the screen shot for Gatekeeper at http://www.apple.com/osx/whats-new/, which also shows the default settings.

UrbanBard

iJack said: “Bvllshit!  I don’t have to prove anything to you.”

If you are unable to persuade me, then you are unlikely to persuade anyone. If you don’t want to persuade me, then why open your mouth? Why try to shut mine?

“I’m not the only one here that thinks something is amiss with Apple’s course of turning OSX from a tool into a toy.”

Tell me again, Who are you to judge Apple’s plans? Gripe all you want, but are you a narcissist?

Apple is going in two directions simultaneously: the consumer market and the content creation market. Steve Jobs called it the Cars / Truck strategy.

“I don’t care if you believe me/us or not, but your ‘park your paranoia’ and ‘strange comments’ cracks were too much for me not to respond.”

You are taking this personally. I never called you out by name. But, If the shoe fits?

“This isn’t the only thread on TMO where… much, much more than mere ‘sandboxing’) has been discussed, and I don’t feel like catching you up.”

If you have an argument, make it. What I’ve heard so far is illogical, strange and paranoid. No one has done a good job of providing evidence and logic.

“But if you take swipe at me personally, be prepared for double the same in return.”

Tell me again, who are you? I was replying to arguments. I don’t care if you get upset; this not about you.

wab95

Ted:

Congratulations on yet another thoughtful, and more importantly, thought provoking article. I’ve been away from the Internet the past 10 days, by and large, and am just catching up here in some lounge in Geneva.

It is a pity that much of the discussion has devolved into pettiness and puerility, as there are several good points being made by clearly intelligent commenters who simply hold differing opinions, and a learning opportunity risks being lost in the scrum.

Let me make one observation and pose one question.

As a non-developer, but a competent professional client of Apple products, I am bemused by anyone’s disappointment that Apple users are not queuing up with pitchforks and torches in Cupertino. True, for developers, Apple and their products may be one’s entire livelihood; for most users, including many in the professional ranks, they are not. Apple products are simply a tool, a means to an end. So long as those tools continue to permit and facilitate productivity, and better still, do so with without major security compromises of valuable data, those users will be happy, adapt to OS and rules changes and move on. Most apps from third party developers are used by a minority fraction of Apple clients, and however useful, seldom attain the status of indispensability. I love Smile’s Text Expander, but frankly, despite how much writing I do, if it went away tomorrow, I’d adapt. I am not prepared to go to war over it should it eventually go away. Indeed, I fully expect another plucky developer to figure out Apple’s new rules and take over that niche.

The only way that Apple clients are going to go to bat for any particular developer, or the developer class as a whole, is for the latter to convince the former that they are less well off, in a word, compromised (productivity, security, what have you) if they do not - not by argument but in a way that the user feels it and is convinced. Failing that, most of us simply have too much else going on that comprise higher order priorities to get overly excited.

Now my question. When SJ started talking about the post-PC era, what did we think he meant, or that Apple currently mean by it?

I suggest that anyone who thought that phrase to refer only to the rise of tablet hardware was gravely mistaken. These new trends with Mountain Lion and the MAS, in my view, amply bear this out. The days of the PC, with its geek-tinker-tailor-soldier-spy mythos and culture are drawing to as sure a close as did gas lamps and horse drawn carriages at the turn of the 20th Century. Soldering and spying are now the purview of governments and syndicates; and as for tinkering and tailoring, higher order priorities, including integrated functionality, trouble-free use and security are bulldozing that geek playground into a fading memory.  Most of what we associated with that bygone era is yielding to a new age and a new reality.

No doubt, Apple’s new directions will continue to be hotly debated in these columns, and by the developer community throughout the blogosphere. Of one thing I am certain, however; all the angst in the world will not roll back the clock to the days of the PC - in its broader sense as used above. And if any feature is to be put back, it will be because of demonstrated benefit to end users, and not developer preference, however visceral.

NovaScotian

I think WAB has done a nice job of summarizing the attitude of many Mac users. As a heavy user of Keyboard Maestro and AppleScript I will be extremely disappointed (at the level of not upgrading the system) if those are impaired and I don’t use iCloud for anything because in my view, Apple hasn’t got it right yet.

Dropbox for files and Fruux for iCal, Bookmarks, and Contacts keep me in sync to the extent that I want to be in sync and if those utilities were somehow blocked, then again, I wouldn’t upgrade. I don’t use the MAS for much, preferring to upgrade from the author directly where possible. If Apple ever fixes the inability to consolidate AppleIDs, I might reconsider, but now I have two with no idea which to use off hand and the MAS seems to be confused by that too.

UrbanBard

Thanks, wab95, it was good to see some perspective. I was at the center of some of that pettiness. It wasn’t my intent to be derogatory. We humans are often unethical when it is in our interest.

I made the observation that these “tempests in a teapot” have occurred before. Apple is nudging us toward its vision of the future; I suspect it is like herding cats. There are competing visions and Apple learned from Microsoft to be secretive.

I don’t see Sand Boxing as essential; it is ever finer granularity of control. It might prevent some unpleasantness or unethical behavior in the future. Mostly I see it as a requirement of 64 bit hardware. Almost all of the work arounds in adapting NeXTstep to the Mac are complete. Gripes still linger from that bygone age. Some people resent the requirements of a Multi User operating system. NeXTstep purists are displeased.

Apple has a short tail; it periodically lops off obsolete hardware and software. When it does so, there are plenty of complaints.

We users don’t have to go along with Apple’s plans. I’m not leading edge; my needs are well met by a 4 year old 24” iMac on snow leopard. I’ll upgrade to Mountain Lion because I can and it is cheap. I don’t need all the bells and whistles and am somewhat amused by those who think them vital.

Unlike some of the people here, I don’t think that Apple is a tyrant. Nor does it always get its way. Apple used to have a problem with NIMBY, but it has learned to use concepts and hardware which others developed. In fact, many of Apple’s successes have been in redesigning failed products. Take Apple’s revamping of the music player. The iPod didn’t have the bells and whistles of other players, but it had what the public wanted.

I was interested to note that Mountain Lion has a rudimentary hypervisor in it. I don’t know what use Apple will make of it, but it is apt to be different from the Intel / Microsoft version. MS Windows is seriously flawed because it has no internal permissions system. The Hypervisor was created by Intel to correct that. Mac OSX has no such flaw, so the hypervisor is unlikely to be used for that reason. I’ll have to think about it.

I see no urgency. Apple tends to put parts of an invention in place long before we can see the puzzle. Look up Quicktime’s history for a reference.
