Archive for June 28, 2018

Thursday, June 28, 2018

Apple Event Sandboxing in macOS Mojave Lacks Essential APIs

Felix Schwarz (tweet):

In the WWDC 2018 session “Your Apps and the Future of macOS Security”, Apple announced big changes to macOS security.

One of them - and possibly the one with the biggest impact: apps can no longer send Apple Events to other apps without user authorization.

Apple argues that Apple Events (which AppleScript uses under the hood) can be used to get access to otherwise protected user data in other apps, so the user should be prompted for authorization.

[…]

I am deeply worried that the implementation of Apple Event sandboxing in Beta 2 could make it into the final release of macOS Mojave unchanged.

As it is, it offers too little to developers who want to provide a good user experience. And not enough for utility apps and pro users who are in need of an option to exempt apps from Apple Event sandboxing.

He does a great job of explaining the issues with the current implementation.

Update (2018-07-12): Daniel Jalkut:

I ran into another usability challenge that Felix didn’t itemize: the problem of denying authorization to an application and then living to regret it. I guess at some point I must have hastily denied permission for Xcode (Apple’s software development app) to control the Finder. This resulted in a seemingly permanent impairment to Xcode’s “Show in Finder” feature. I’m often using this feature to quickly navigate from Xcode’s interface to the Finder’s view on the same files. After denying access once, the feature has the unfortunate behavior of succeeding in activating the Finder (I guess that one is whitelisted), but failing silently when it comes to revealing the file.

OK, that’s fine. I messed up. But how do I undo it? Unfortunately, the list of applications in the Security and Privacy preference pane is only of those that I have clicked “OK” for. There’s no list of the ones that I’ve denied, and no apparent option to drag in or add applications explicitly. For this high level problem, I filed Radar #42081464: “TCC needs user-facing mechanism for allowing previously denied privileges.”

[…]

What’s the service called, and does tccutil even support resetting it? After a crude search of the private TCC.framework’s binary, I discovered I was looking for “AppleEvents”:

tccutil reset AppleEvents
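Jalkut's complaint that the preference pane shows no list of denied apps can be worked around by reading the TCC database directly. The following is an added example, not code from any of the quoted posts: it assumes the Mojave-era `access` table layout of the per-user TCC.db and the service name `kTCCServiceAppleEvents`, and it runs against constructed sample rows in an in-memory database.

```python
import sqlite3

# Assumption: subset of the Mojave-era `access` table in
# ~/Library/Application Support/com.apple.TCC/TCC.db (only the columns used here).
SCHEMA = """
CREATE TABLE access (
    service TEXT NOT NULL,
    client TEXT NOT NULL,
    client_type INTEGER NOT NULL,
    allowed INTEGER NOT NULL,
    indirect_object_identifier TEXT,
    last_modified INTEGER NOT NULL
)"""

# Constructed sample rows, not taken from a real machine.
SAMPLE_ROWS = [
    ("kTCCServiceAppleEvents", "com.apple.dt.Xcode", 0, 0, "com.apple.finder", 1531353600),
    ("kTCCServiceAppleEvents", "com.example.launcher", 0, 1, "com.apple.iTunes", 1531353700),
    ("kTCCServiceAddressBook", "com.example.mail", 0, 0, None, 1531353800),
]

def open_readonly(path):
    # Read-only URI mode, so an audit can never alter the user's decisions.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def apple_event_decisions(conn, allowed):
    """Return (sending app, target app) pairs for Apple Event decisions."""
    cur = conn.execute(
        "SELECT client, indirect_object_identifier FROM access "
        "WHERE service = ? AND allowed = ? ORDER BY client",
        ("kTCCServiceAppleEvents", 1 if allowed else 0),
    )
    return cur.fetchall()

if __name__ == "__main__":
    conn = build_sample_db()
    for client, target in apple_event_decisions(conn, allowed=False):
        print(f"DENIED   {client} -> {target}")
    for client, target in apple_event_decisions(conn, allowed=True):
        print(f"ALLOWED  {client} -> {target}")
```

On a real Mac, pass the database path to `open_readonly`; the file is itself protected, so the process reading it needs Full Disk Access. `tccutil reset AppleEvents` clears the granted decisions along with the denied ones, so every app prompts again afterwards.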

Update (2018-08-23): Mark Munz:

Having tried to navigate this myself, I suspect new macOS Mojave permissions are going to be a major cluster***k for more advanced users.

It feels like Apple rushed this “feature” with little or no usability/power user input.

Great idea – horrible execution.

Update (2018-08-30): Evgeny Cherpak:

This prompt is so lame:
1. Include
a) requesting app icon
b) icon of the app it wants to control
2. Add some new line characters to make it more readable
3. Data and documents in iTunes... documents aren’t data? Wording needs work.

Howard Oakley:

With Mojave’s release possibly only a couple of weeks away, I’ve been trying to resolve problems in my own apps which seriously limit their functionality when they’re run in macOS 10.14. What I’ve learned is how complex its new privacy protection is, and how users, sysadmins and developers may be in for a shock when they upgrade to Mojave.

[…]

It’s worth pausing for a moment to consider whether Mojave’s current implementation of privacy protection is actually in the users’ interests. I know of no other situation in which an operating system deliberately crashes an app because it lacks an explanatory string like this. Unix and almost all other operating systems handle many requests to access the inaccessible, and respond by returning an error, which the calling app can trap for and handle gracefully, ensuring that the user is made fully aware of what went wrong.

AT&T More Than Doubles Administrative Fee

Juli Clover:

The fee hike was first noticed by BTIG Research analyst Walter Piecyk (via CNBC), who pointed out that AT&T has increased its monthly fees by approximately $1.23 in 2018 with two price hikes in April and June. Customers are now paying $1.99 in administrative fees, up from 76 cents last year.

I’ve been using an old iPhone to experiment with switching to Boom Mobile, as it now supports Visual Voicemail. The red (Verizon) network seems to have better coverage than AT&T in most places that I care about. The rates and customer service seem to be better. The main downsides seem to be that there’s no support for Wi-Fi calling or international roaming. I ran into a few glitches with the Web site and had to use the chat to get them to make the necessary changes to my account, but that was surprisingly quick.

Run, RunLoop, Run

Nicolas Bouilleaud (tweet):

Put simply, a run loop is a messaging mechanism, used for asynchronous or interthread communication. It can be seen as a post box that waits for messages and delivers them to recipients.

A run loop does two things:

  • wait until something happens (e.g., a message arrives),
  • dispatch that message to its receiver.

[…]

The most important feature of CFRunLoop is the CFRunLoopModes. CFRunLoop works with a system of “Run Loop Sources”. Sources are registered on a run loop for one or several modes, and the run loop itself is made to run in a given mode. When an event arrives on a source, it is only handled by the run loop if the source mode matches the run loop current mode.

Greg Parker:

1. Write an event-handling loop: it waits for events—user input, timers, etc—and calls the handlers registered for those events.

2. Put the loop in an opaque box. That’s a run loop object.

I imagine it as a jack-in-the-box. You turn the crank and calls to event handlers pop out.
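The mode matching Bouilleaud describes, and the "loop in a box" Parker describes, can be seen in a small model. This is an added example, not CFRunLoop's API or code from either author: the class names and mode names are hypothetical, and the blocking wait of a real run loop is left out so that only dispatch is shown.

```python
from collections import deque

DEFAULT, TRACKING = "default", "tracking"  # illustrative mode names

class Source:
    """An event source; events queue here until a run loop services them."""
    def __init__(self, handler):
        self.handler = handler
        self.pending = deque()

    def signal(self, event):
        self.pending.append(event)

class RunLoop:
    def __init__(self):
        self._sources = {}  # mode -> sources registered for that mode

    def add_source(self, source, modes):
        for mode in modes:
            self._sources.setdefault(mode, []).append(source)

    def run_once(self, mode):
        """Turn the crank once: dispatch pending events of sources in `mode`."""
        dispatched = 0
        for source in self._sources.get(mode, []):
            while source.pending:
                source.handler(source.pending.popleft())
                dispatched += 1
        return dispatched

def demo():
    log = []
    loop = RunLoop()
    timer = Source(lambda e: log.append(("timer", e)))
    touch = Source(lambda e: log.append(("touch", e)))
    loop.add_source(timer, [DEFAULT])            # default mode only
    loop.add_source(touch, [DEFAULT, TRACKING])  # both modes
    timer.signal("tick")
    touch.signal("drag")
    loop.run_once(TRACKING)  # only the touch source matches this mode
    after_tracking = list(log)
    loop.run_once(DEFAULT)   # in this model the timer event was held, not lost
    return after_tracking, log

if __name__ == "__main__":
    print(demo())
```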

Making Your Shell Prompt Show Xcode and Git Status

Marc Palmer:

Often I run two or more different Xcode builds on the same machine, either because a client project can’t yet build on the latest Xcode release, or because we’re in a new Xcode beta period. Of course I forget which one I am running, especially if switching between projects multiple times in the same day.

[…]

I’ve never customised my shell prompt before but I knew it was possible and I suspected it would be simple to show the current version of Xcode toolchain that the shell is using (which is controlled by xcode-select).

[…]

By default it is set up to show your host and working dir, Xcode version — yep that’s the bit with the hammer 🔨 — and following that your git branch and status, if any.