[Macworld]

Post your comments for Sandboxing will 'disadvantage Mac users,' say developers here

[bastion]

"I'm not sure they'll admit it, but they may start releasing the leash, making Sandbox more flexible and more developer-friendly."

They admitted up-front that it was imperfect, and have been soliciting and reacting to feedback to make it more developer- and user-friendly since then.

Also: The link in the article takes you to the wrong company named Cognito. It should be http://cognito.co.nz/.

Mr. Cowie's comment is well-taken. I don't under what new series of dialogs Mr. East thinks users will be swamped by. The outright removal of features noted by Mr. Reiff is realistic but atypical.

This post has been edited by bastion: 29 May 2012 - 09:17 AM

[DavidBarto]

It would be nice if I could set a 'sandbox limit' for each application. So the financial app can have access that allows exporting to excel, and the photo editor has access to the photo management software, without intermediate save/import operations.

The limit would be set when the application first attempts to perform the restricted operation and I can then say 'allow once'/'allow always'/deny (with deny being the default).

[DougAdams]

bastion, on 29 May 2012 - 09:16 AM, said:

I don't under what new series of dialogs Mr. East thinks users will be swamped by.

In order to access files or folders for which an app has not anticipated the location requires the app to ask for permission to access. Typically this permission will be asked for using an open or save dialog. This will no doubt require many applications to ask permission to access locations that were easily accessible pre-sandboxing without asking permission.

[Luis_Alejandro]

"Sandboxing will 'disadvantage Mac users,' say developers"

Will sandboxing give users a more safe environtment?
Developers seem not to take into account the "our of developer's world" benefits.
Are there better ways? Sure. Let's find them, but safety is almost a must nowadays.

[technologist]

Quote

Instead the user will have to save the report as some sort of file, and then open Excel/Numbers and use the Import command. So what has been for years a simple one step operation will become a multi-step error-prone task".

So, users will have to learn some basic computer skills, like saving, locating, and opening files.

I can think of no downsides to this.

[dolph0291]

As long as they keep AppleScript and Services, I'm good.

[Nyhthawk]

dolph0291, on 29 May 2012 - 09:51 AM, said:

As long as they keep AppleScript and Services, I'm good.

You can reference a previous Macworld article about that subject: <http://www.macworld.com/article/1165641/how_increased_mac_security_measures_will_impact_applescript.html>


It's worth emphasizing again that AppleScript scripts, applets, and droplets, and Automator workflows, applets, and services, whether executed within the AppleScript Editor, Automator, the system-wide Script Menu, the Services menu, or contextual menus, will continue to run as they always have with full access and no restrictions. The sandbox effects only applications running scripts, and there are new security mechanisms and designs in the new OS to allow them to continue to do so.

Cheers!

[ebluGamma]

dolph0291, on 29 May 2012 - 09:51 AM, said:

As long as they keep AppleScript and Services, I'm good.

actually, being a developer that relies heavily on APPLE OS Level tools like: spotlight, applescript, and services... I can tell you that you are going to lose a lot of the flexibility and magic of these systems. Sandboxing, as designed and currently implemented is a bullet in the head of what makes a mac special. Does it make you safer as a user? certainly. but it fails to do what it advertises: creating a simple to use opt-in approach to system resources. They just didn't make any opt-in options for many of these technologies... so they rot on the vine.

[bastion]

DougAdams, on 29 May 2012 - 09:28 AM, said:

bastion, on 29 May 2012 - 09:16 AM, said:

I don't under what new series of dialogs Mr. East thinks users will be swamped by.

In order to access files or folders for which an app has not anticipated the location requires the app to ask for permission to access. Typically this permission will be asked for using an open or save dialog. This will no doubt require many applications to ask permission to access locations that were easily accessible pre-sandboxing without asking permission.

But there are entitlements that cover the large majority of those scenarios.

[monospaced]

Simple workaround: don't sell through the App store.

[scott2si]

I wish the developers could get together and form a class-action lawsuit against Apple for this.

[DougAdams]

bastion, on 29 May 2012 - 10:14 AM, said:

DougAdams, on 29 May 2012 - 09:28 AM, said:

bastion, on 29 May 2012 - 09:16 AM, said:

I don't under what new series of dialogs Mr. East thinks users will be swamped by.

In order to access files or folders for which an app has not anticipated the location requires the app to ask for permission to access. Typically this permission will be asked for using an open or save dialog. This will no doubt require many applications to ask permission to access locations that were easily accessible pre-sandboxing without asking permission.

But there are entitlements that cover the large majority of those scenarios.

I don't know if I would describe the allowed entitlements as covering a large majority of scenarios. Perhaps a reasonable number of scenarios. For example, a user can change the location of the iPhoto database. While an app can ask for entitlements to its default location, it cannot know where a user has moved it to unless it asks. That is merely a simple example. You can imagine the number of unanticipated locations that files and folders can be re-located by a user. Getting entitlements to locations outside the sandbox where a user may have stored media files is one such example.

[dolph0291]

ebluGamma, on 29 May 2012 - 10:07 AM, said:

dolph0291, on 29 May 2012 - 09:51 AM, said:

As long as they keep AppleScript and Services, I'm good.

actually, being a developer that relies heavily on APPLE OS Level tools like: spotlight, applescript, and services... I can tell you that you are going to lose a lot of the flexibility and magic of these systems. Sandboxing, as designed and currently implemented is a bullet in the head of what makes a mac special. Does it make you safer as a user? certainly. but it fails to do what it advertises: creating a simple to use opt-in approach to system resources. They just didn't make any opt-in options for many of these technologies... so they rot on the vine.

That is a shame because Applescript and Services really really set OS X heads above Windows. Not just a little, by leaps and bounds. I would never switch to Windows simply because of one site, one site in the world, and that's Doug's Scripts. It only relates to iTunes but it's a life saver for me and millions others, I'm sure. As well, I think it's a shame that developers don't use Services more. Heck, it's sad that Apple doesn't use Services in their own software more. They are truly wonderful things.