{"id":15302,"date":"2016-07-22T11:32:08","date_gmt":"2016-07-22T15:32:08","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=15302"},"modified":"2016-07-22T11:32:08","modified_gmt":"2016-07-22T15:32:08","slug":"sandboxing-wisdom","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/07\/22\/sandboxing-wisdom\/","title":{"rendered":"Sandboxing Wisdom"},"content":{"rendered":"<p><a href=\"http:\/\/indiestack.com\/2016\/07\/sandbox-container-ownership\/\">Daniel Jalkut<\/a> (<a href=\"https:\/\/twitter.com\/danielpunkass\/status\/756250669959479297\">tweet<\/a>):<\/p>\n<blockquote cite=\"http:\/\/indiestack.com\/2016\/07\/sandbox-container-ownership\/\"><p>[I&rsquo;ve] managed to produce two versions of my app, one of which causes the sandbox container to be apparently unwritable to the other after running! Specifically, preferences are not saved and console messages indicate an attempt to write preferences outside the host app&rsquo;s sandbox.<\/p>\n<p>[&#8230;]<\/p>\n<p>These kinds of issues scare the bejeezus out of me because I really fret my users running into data migration problems after I ship an update, and because the relative opacity of the sandboxing system makes a lot of issues very hard to debug.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/danielpunkass\/status\/756262993084706816\">Daniel<\/a> <a href=\"https:\/\/twitter.com\/danielpunkass\/status\/756294160441901056\">Jalkut<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/danielpunkass\/status\/756262993084706816\"><p>In a nutshell: for the past 4 years or so, sandboxing has been a massive, amorphous &ldquo;bug&rdquo; that I have to wrap my head around. So, so tired.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/danielpunkass\/status\/756294160441901056\"><p>Rarely a day goes by when I don&rsquo;t worry that I made a huge mistake betting on sandboxing and MAS for the long run.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/petermaurer\/status\/756373747934855169\">Peter<\/a> <a href=\"https:\/\/twitter.com\/petermaurer\/status\/756374179608420352\">Maurer<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/petermaurer\/status\/756373747934855169\"><p>Answer from a very tired sandbox wrangler: Don&rsquo;t do it. Don&rsquo;t waste your time on custom settings, etc. Instead, import once&#8230;<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/petermaurer\/status\/756374179608420352\"><p>&#8230;via open dialog automatically, then make additional imports (for whatever reason) available via menu or preferences.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/iljawascoding\/status\/756406630166781953\">Ilja A. Iwas<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/iljawascoding\/status\/756406630166781953\"><p>We released GarageSale 7 this week, still sandboxed, but won&rsquo;t be submitted to the MAS. Ah, that sweet feeling of relief.<\/p><\/blockquote>\n\n<p><a href=\"http:\/\/indiestack.com\/2016\/07\/app-sandbox-control-tool\/\">Daniel Jalkut<\/a>:<\/p>\n<blockquote cite=\"http:\/\/indiestack.com\/2016\/07\/app-sandbox-control-tool\/\"><p>This tool [asctl] appears to offer extensive insight into the sandbox&rsquo;s understanding of containers. I wish I had discovered it earlier!<\/p><\/blockquote>\n<p>Apple doesn&rsquo;t seem to have posted the <a href=\"http:\/\/www.manpagez.com\/man\/1\/asctl\/\">asctl man page<\/a>, but this online version has the same date stamp as the man page on my 10.11 system.<\/p>","protected":false},"excerpt":{"rendered":"<p>Daniel Jalkut (tweet): [I&rsquo;ve] managed to produce two versions of my app, one of which causes the sandbox container to be apparently unwritable to the other after running! Specifically, preferences are not saved and console messages indicate an attempt to write preferences outside the host app&rsquo;s sandbox. [&#8230;] These kinds of issues scare the bejeezus [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[546,1406,30,32,39,1199,207,53],"class_list":["post-15302","post","type-post","status-publish","format-standard","hentry","category-technology","tag-ownership","tag-garagesale","tag-mac","tag-macapp","tag-macappstore","tag-mac-os-x-10-11","tag-marsedit","tag-sandboxing"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=15302"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15302\/revisions"}],"predecessor-version":[{"id":15303,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/15302\/revisions\/15303"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=15302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=15302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=15302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}