| Yup. While I do need to use a number of third-party tools to get the UX like I want it (Hammerspoon, Hyperswitch, Spectacle and Quicksilver), they do exist, they work fine and I think this has more to do with my specific requirements than with any fundamental issues or missing features in the UX. Going forward, advanced sandboxing is indeed one of the most important things that I would love to see Apple focus on. Ever since I first considered the possibility that apps can have individual access controls, probably around the time I first encountered SELinux/RSBAC and later AppArmor, I've been wondering why vendors aren't pushing this as an absolute top priority on the security front. Meanwhile I'm using this: https://beta.f-secure.com/key/XFence It's Jonathan Zdziarski's Little Flocker rebranded after he sold it to F-Secure. It works great, but it does admittedly require an upfront investment. 2 caveats: - Current version only works on Sierra (I'm not touching High Sierra until just before the next one comes out) - Creating "any via" rules can lead to noticeable slowdowns, while "ancestor" rules, even though they are theoretically more expensive, don't (unless one overuses them, I suppose). It's probably a bug. Other than this, I've been using it for over a year and have no complaints whatsoever. |