Archive for September 23, 2012

Sunday, September 23, 2012 [Tweets] [Favorites]

BitTorrent and the App Store

TorrentFreak (via Hacker News):

Apple defended this policy and told developers that their apps were not allowed “because this category of applications is often used for the purpose of infringing third-party rights.”

However, now some apps are being approved:

While other BitTorrent apps slipped by Apple’s review team for a day or two, Conttrol’s entrance into the App store is not an isolated incident. A few months ago Apple also blessed Transmission RPC, a remote control for the Transmission popular client.

Visi

David Pollak:

Visi.io is a language, runtime, and development environment written in Haskell (and a little Objective-C) that runs on the iPad and in the Cloud. Visi.io and Visi.Pro will make writing beautiful, interactive iPad facing, Cloud powered apps super simple.

And the GitHub page says:

Visi is an open source language that blends concepts from spreadsheets, scripting languages, functional languages such as Haskell and OCaml, and other systems. The goal of Visi is to be accessible for Excel power users, yet be “correct” such that runnable code should be substantially bug-free.

Via Jonathan Rentzsch, who compares it with Soulver.

Mountain Lion’s Mail

Pierre Igot:

In other words, the selectiong highlighting colour remains the neutral grey that is normally indicative of a selection that is in the background, even though the window is now in the foreground. And even if I click on the message again to confirm that it is selected, the selection highlighting colour remains the neutral grey that is normally indicative of a selection that is in the background.

Even in OS X 10.8.2, I’m seeing a bunch of bugs in Mail: read/flagged indicators that don’t update right away (and don’t sync at all from the iPhone), messages that can’t be marked as unread, and searches that don’t find the messages they’re supposed to.

I’m also seeing a new behavior when I receive multiple copies of the same message (e.g. as a direct recipient and via a mailing list or two). Mail seems to silently delete one of them! I can see two messages in my iPhone’s inbox and watch one of them disappear when I open Apple Mail. This has made it difficult to test some mailing lists that I administer, as Mail was deleting messages that really were not equivalent.

See also: Replying From the Proper Account.

Don’t Break Emacs Shortcuts

Andy Lee:

Native apps can “break Emacs” too. I just reported a bug in Sublime Text where ^K (kill to end-of-paragraph) doesn't work in the text field in its Save dialog. I suspect this is because, for some reason, Sublime Text explicitly maps ^K to an item in the Edit menu instead of falling back on the default Cocoa behavior.

Update (2012-09-23): Thanks to Andy Lee for noticing that I had originally misattributed his post to Andy Kim.

Kickstarter Is Not a Store

Perry Chen, Yancey Strickler, and Charles Adler:

It’s hard to know how many people feel like they’re shopping at a store when they’re backing projects on Kickstarter, but we want to make sure that it’s no one. Today we’re introducing a number of changes to reinforce that Kickstarter isn’t a store — it’s a new way for creators and audiences to work together to make things.

Swiss Federal Railways Says Apple Copied Its Iconic Railway Clock

MacRumors (via John Gruber):

Switzerland’s Schweizerische Bundesbahnen, or Swiss Federal Railway service, has accused Apple of using their iconic clock in its Clock app for iPad without permission, according to a report in the Swiss newspaper Blick [Google Translate].

Seeing how similar they are, I would have assumed that Apple had licensed the design.

Converting “Finding Nemo” to 3D

Jim Hill:

“What was kind of funny was that we’d show Andrew [Stanton] some of our shots and then explain how we’d had to move a particular piece of particulate matter in order to get rid of a bit of visual distraction, make the scene look better in 3D. And he’d know the exact CG fleck that we were talking about,” [Bob] Whitehill marveled. “Andrew could remember—when they were originally putting together the 2D version of Finding Nemo—how they’d put that particular particulate in place so that the sea Marlin & Dory were swimming in would look just right. So it would provide the proper mood & setting for that moment in the movie.”

Aperture 3.4, Sandboxing, and FlickrExport

Aperture 3.4 is now sandboxed (via Fraser Speirs). This initially caused some problems because it did not migrate my FlickrExport preferences file from:

~/Library/Preferences/com.connectedflow.flickrexportaperture.plist

to:

~/Library/Containers/com.apple.Aperture/Data/Library/Preferences/com.connectedflow.flickrexportaperture.plist

FlickrExport thus didn’t find its preferences. It lost its Flickr API token, thought I hadn’t purchased, and lost my preferences for which keywords to hide. I re-added these, but it wasn’t until after I’d uploaded a set that I realized I had forgotten to re-enable the preferences to save the Flickr ID and URL back to Aperture. Thus, the options to replace photos and update metadata didn’t work until I’d copied and pasted all the photo IDs from the Web site. In retrospect, I should have moved the preferences file to the new location right after updating Aperture. Of course, I would have if I had known then that it was sandboxed.

Knowing a bit about how Aperture works, I wondered how some of its features could be made to work in the App Sandbox. The answer is that Apple plays by different rules. For example, my copy of Aperture isn’t from the Mac App Store, but it has access to iCloud. Third-party applications need to use clunky UI workarounds and security-scoped bookmarks to access files outside of a document package; Apple simply gives Aperture a com.apple.security.temporary-exception.files.absolute-path.read-write entitlement with value /, i.e. read-write access to the entire filesystem. Aperture also makes use of com.apple.security.temporary-exception.sbpl, which Daniel Jalkut noted is the Big Red Button.

Also note that, aside from “com.apple.PhotoApps.AVCHDConverter.xpc” (presumably a codec), Aperture does not use XPC services for privilege separation. The main Aperture application has full hard drive access, as well as being a network client, a network server, and all the rest.

With so many entitlements and temporary exceptions, it doesn’t seem like “sandboxing” Aperture in this way provides many security benefits. Aperture isn’t protected from bugs in itself. And a malicious plug-in could read my address book (or, indeed, any file on my hard drive) and upload it over the network. However, it does restrict what plug-ins can do a bit. For example, Aperture has temporary exceptions for sending Apple events to Mail and iTunes; other event targets are forbidden. This means, for example, that you can no longer write a plug-in that integrates Aperture with Photoshop or Acorn.

Here’s the full list of Aperture 3.4 entitlements:

icarus$ codesign -d --entitlements - /Applications/Aperture.app|bbedit
Executable=/Applications/Aperture.app/Contents/MacOS/Aperture

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.application-identifier</key>
    <string>F9L2L89K5X.com.apple.Aperture</string>
    <key>com.apple.private.icloud-account-access</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.assets.movies.read-write</key>
    <true/>
    <key>com.apple.security.assets.music.read-only</key>
    <true/>
    <key>com.apple.security.assets.pictures.read-write</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.library-repair.extensions</key>
    <array>
        <string>photolibrary</string>
        <string>aplibrary</string>
    </array>
    <key>com.apple.security.library-repair.ostype</key>
    <array>
        <string>iPlb</string>
    </array>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.personal-information.addressbook</key>
    <true/>
    <key>com.apple.security.print</key>
    <true/>
    <key>com.apple.security.temporary-exception.apple-events</key>
    <array>
        <string>com.apple.mail</string>
        <string>com.apple.itunes</string>
    </array>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <string>/</string>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
    <array>
        <string>com.apple.photostream-agent</string>
    </array>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name:before:10.8</key>
    <array>
        <string>com.apple.AOSNotification-FMM</string>
    </array>
    <key>com.apple.security.temporary-exception.sbpl</key>
    <string>
        (begin
            (allow file-search)
            (allow ipc-posix-sem)
            (allow system-fsctl))
    </string>
    <key>com.apple.security.temporary-exception.shared-preference.read-only</key>
    <array>
        <string>com.apple.iPhoto</string>
    </array>
    <key>com.apple.security.temporary-exception.shared-preference.read-write</key>
    <array>
        <string>com.apple.Aperture</string>
        <string>com.apple.iApps</string>
        <string>com.apple.iLifePhotoStream</string>
        <string>com.apple.iLifeAssetManagement.agent</string>
        <string>com.apple.iLifeAssetManagement.crash</string>
        <string>com.apple.iLifePhotoStream.importstatus</string>
        <string>MobileMeAccounts</string>
        <string>com.apple.ImageCapture2</string>
        <string>com.apple.mcxprinting</string>
    </array>
</dict>
</plist>