Archive for November 4, 2011

Friday, November 4, 2011 [Tweets] [Favorites]

Macworld on Sandboxing

Lex Friedman:

The Many Tricks team—Peter Maurer and former Macworld senior editor Rob Griffiths—is also concerned. “As of now, entitlements for the core features of many of our apps don’t even exist, which means we cannot make them compliant at all,” the developers said in an email interview. “In fact, these entitlements may never exist, as Apple appears to be in the process of redefining the fundamental concept of what third-party software is supposed to be capable of doing on the Mac.” Many Tricks says that several of its apps—Moom, Witch, and Time Sink—“rely on the Accessibility API and inter-application communication to do what they do, and these features will not be available to us” unless Apple modifies its restrictions. Right now, the developers expect they’ll need to pull all three apps from the store and rely on selling from their website instead.

It’s strange is how rushed this all is. The sandbox was announced at WWDC in June when Lion was already essentially done. So there wasn’t really time to make any fixes based on developer feedback before it shipped. It wasn’t until now that the sandbox requirement even appeared in writing on Apple’s developer Web site. Now the deadline has changed to March, which means that either Apple plans to introduce major changes in a 0.0.1 update or that they don’t plan to make many improvements before then. It’s the opposite of other major transitions: Carbon, Intel, 64-bit, etc. where the plan was announced well ahead of time and Apple was clearly eating its own dog food for a cycle or two in advance.

Alfred Powerpack and the Mac App Store

Andrew Pepperrell:

Having the Powerpack in the Mac App Store would not only bring me more revenue, but it’s also a trusted discovery channel for new users – I *know* Alfred would have significantly more Powerpack users by selling through this channel.

Alfred has always used safe, public APIs and been extremely well behaved. Nevertheless, sandboxing means that many of the “OS X allowed” Powerpack features mentioned above would need to be limited or removed if I wanted to continue selling through the Mac App Store from and after March 2012.

Real Security in Mac OS X Requires Apple-Signed Certificates

Wil Shipley has an excellent post about the bigger picture:

The problem Mac developers are facing is that the two that Apple is enforcing on the Mac App Store (Sandboxing and Code Auditing) are implemented currently to be actively bad for developers and not particularly good for users. And the method that would provide the most benefit for developers and users (Certification) isn’t enforced broadly enough to be useful.

There are so many good paragraphs I was tempted to quote, but you should just read the whole thing.