| There are a few security related issues with how we handle the native messaging stuff. There are two important things: 1. We check code signatures and compare them against what we know and expect.
2. The more we approve for this the more it feels like we're screening and supporting the ones we do approve. We have opted to remove all browsers except those that are mainstream (Chrome, Firefox, Safari and Opera). I believe everything else has been removed. We also don't allow this to be disabled, for security reasons, as of recent versions. sudolikeaboss would also require that we add their code signature to the app and it breaks the new rule we have on that. If sudolikeaboss ever came back, it'd be a home grown solution internal from us. It's the only way we could make this work I think. Security is really tough. We didn't want to start feeling like we had to screen all apps and vouch for them. It's a really slippery slope. Maybe we'll find other ways to accomplish this though. There are indeed some .. plans.. that might actually really impact this in the future! We'll have to see what comes from WWDC this year before we make next steps though. And thanks for the kind words. I like hacker news, I hang out here and read stuff during my lunch and stuff, so it's a pleasure getting to converse with people here. :) Kyle AgileBits |