Archive for October 24, 2019

Thursday, October 24, 2019 [Tweets] [Favorites]

Modern AppKit File Permissions

Ben Scheirman:

There is no API for saying “Please prompt the user to access this folder”. Instead, this is done in one of three ways:

  • Full Disk Access
  • Prompting the user to open a file/directory
  • Dragging & Dropping a folder onto the application

[…]

By default the [latter two] approaches above grant you access while the app remains open. When you quit the app, any folder access you had is lost.

To gain persistent access to a folder even on subsequent launches, we’ll have to take advantage of a system called Security-Scoped Bookmarks.

[…]

Watch out for symlinks. My working directory is full of them, and I wanted to list contents of a nested folder that was actually a symlink, and this doesn’t work. You have to grant permissions to the real folder, which may involve additional prompts to grant all the permissions you need.

Obviously, you wouldn’t want an app to be able to give itself access to a protected folder by creating a symlink to it. But if the user is already demonstrating intent by choosing a folder or dragging and dropping it, it’s too bad that the system doesn’t grant access to everything referenced from that folder.

In practice, this means lots of extra complexity because a sandboxed app can never assume it has access to anything. Items in the folder could actually be stored somewhere else. After detecting this, and prompting for access, you may need to store multiple security-scoped bookmarks to maintain access to the single folder. And the folder’s contents may change and require additional prompts the next time.

Daniel Tull:

In this post I will be talking about the pair of methods startAccessingSecurityScopedResource and stopAccessingSecurityScopedResource on the URL type and how we can use Swift to make their use a little nicer in our apps. I will walk through the modifications I have made to the Particles sample app that Apple provided for the session. If you’d like to see the final result or any of the steps, you can find them on GitHub.

Previously:

GarageSale 8.0

iwascoding:

If you work with GarageSale on severals Macs you might find the new Synching feature helpful. Once enabled your GarageSale database will be synched between your Macs. The Synching feature requires a GarageSale Pro subscription.

[…]

Print generic shipping labels or packing slips that you can add to the shipment or use them to find the ordered items in your warehouse.

[…]

You can “detach” a popup from its original position and move it to a permanent location on your screen. Great for preventing it from auto-closing while switching to another app or for working on multiple listings at the same time.

[…]

GarageSale 8 comes with a powerful search and replace function that works on the entire database or the current selection. Easily edit title, description and other fields of all your listings in one go.

Looks like a big update to this thoughtfully designed app for selling on eBay.

Previously:

iPad Seems Safe for College Students

Jason Snell:

So can a college student survive on iPad alone? I think we’ve reached the point where I can answer “yes” to that question. There are caveats, of course—there always will be when it comes to tech stuff. Still, it feels like a bit of a milestone.

As for my daughter, she took her beloved 12-inch MacBook to college—and never expressed any interest in using an iPad, despite the obvious superiority of the iPad over the MacBook in terms of pure computing power. She loves her tiny laptop—both for fun things like watching Netflix and for less fun things like writing papers.

Kids do like to rebel, don’t they? Mine do it by using laptops.

Previously:

WTF Auto Layout?

Evan Dekhayser:

Auto Layout error messages are not known to be easy reads, so this tool from John Patrick Morgan that makes the errors much easier to debug is really valuable. Images and simple descriptions are shown for each constraint, making it much more feasible to find the issue with your layout. Anything that moves this complicated debugging from my head to the computer screen sounds good to me!

See also: Kristina Fox.

AirDrop and Quarantine Flags

Howard Oakley:

AirDrop has a bigger problem, though: because it’s a semi-public way of pushing files of unknown pedigree onto an unsuspecting Mac (or iOS device), macOS attaches a quarantine flag to everything transferred by AirDrop. For documents that’s only a minor irritant, now that macOS so promiscuously sets quarantine flags on every document opened by a sandboxed app. It can still catch you out when you try to open that document with an app other than the default for that type.

But for apps, command tools and other forms of executable code, this is more serious. If you’ve just copied one of those across, on the receiving Mac that software is now going to trigger a full Gatekeeper first run check. If that destination system happens to be Catalina and the software should be notarized but isn’t, you could find yourself wasting time slipping it past that. For command tools in particular that can come as a complete surprise.

[…]

In Catalina, if the app isn’t notarized, double-clicking it will elicit the usual failure dialog, and opening it using the Finder’s Open command gives you the option to open it regardless.

I get why this happens, but it’s annoying when you just want to send yourself a file. I used to do this frequently during development to test the in-progress app on other systems. In that situation, you really don’t want to have to go through the full notarization process. The contextual menu bypass seems unreliable. Sometimes it doesn’t work the first time, sometimes it launches the app but shows an error message, anyway, and I’ve received one report of it not working at all. I’ve taken to transferring using rsync or scp, as those don’t add quarantine flags.

Previously: