by teilo 5349 days ago
Time to settle down, people. This is not the bad news you think it is. Please take the time to read what exactly is entailed in Sandboxing a Mac App before you presume this is a restriction on your freedom. You can start here:

https://developer.apple.com/library/mac/#documentation/Secur...

The vast majority of apps on the App store can be sandboxed without affecting their functionality in any way.

Sandboxing on OS X is not like Sandboxing on iOS. You can still access all your files. Your app just can't do it without asking. You can still send Apple events to other apps - you just can't send them to whatever apps you feel like. They must be defined, and permission granted via entitlements. True, you cannot access another application's preferences. However, an application can present an API that other applications can access.

In other words, this change forces apps to be designed much more securely. It reminds me of the Android permissions model.

3 comments

"Sending Apple events to arbitrary apps With App Sandbox, you can receive Apple events and respond to Apple events, but you cannot send Apple events to arbitrary apps."

"By using a temporary exception entitlement, you can enable the sending of Apple events to a list of specific apps that you specify..."

The word at WWDC was that temporary exceptions are temporary and just there to ease the transition to sandboxing. I.e. they will be REVOKED at some point in the future.

> You can still access all your files. Your app just can't do it without asking.

Sort of. You can't access files across restarts of your app right now. So something that needs to maintain a database of files in the filesystem (say a music library) will be able to access them when the user adds the files, but then will stop working after you restart.

The only way around this is a "temporary" exception - they absolutely need a permanent solution for this situation.

I'm 100% behind the idea of sandboxing; one of my apps in the Mac App Store already comes with sandboxing enabled even though it's not required yet, but I feel like the current way to do it can be very limiting. Some perfectly legit applications would be inherently broken with no easy way to fix them. Heck, even Xcode would be broken, as you only open the project file directly; how could you edit the source files in the project individually without opening them one by one?

The only way I can think of is having the whole project, including the source files, in a single bundle, but that would break everything currently out there.
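An added example, not from the thread or from Apple: a Python check over an app's entitlements plist that separates the temporary-exception entitlements discussed in the comments above (Apple events to listed apps, file access outside user selection) from the other sandbox entitlements, so a team can see what depends on exceptions that may be withdrawn. The sample plist, its bundle ID and its path are constructed; the function names are hypothetical.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
TEMP_PREFIX = "com.apple.security.temporary-exception."

# Constructed sample entitlements (bundle ID and path are illustrative).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.temporary-exception.apple-events</key>
  <array><string>com.example.player</string></array>
  <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
  <array><string>/Music/</string></array>
</dict>
</plist>
"""


def audit_entitlements(data: bytes) -> dict:
    """Split an entitlements plist into sandbox flag, temporary exceptions, and the rest."""
    ent = plistlib.loads(data)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    temporary, other = {}, []
    for key, value in ent.items():
        if key.startswith(TEMP_PREFIX):
            # Normalise scalar values to a list so callers can iterate uniformly.
            temporary[key[len(TEMP_PREFIX):]] = value if isinstance(value, list) else [value]
        elif key != SANDBOX_KEY and value is True:
            other.append(key)
    return {
        "sandboxed": ent.get(SANDBOX_KEY) is True,
        "temporary_exceptions": temporary,
        "other_entitlements": sorted(other),
    }


def report(result: dict) -> list:
    """Return one human-readable finding per temporary exception."""
    if not result["sandboxed"]:
        return ["App Sandbox is not enabled; sandbox entitlements have no effect."]
    return [f"temporary exception '{name}' grants: {', '.join(map(str, targets))}"
            for name, targets in sorted(result["temporary_exceptions"].items())]


if __name__ == "__main__":
    for line in report(audit_entitlements(SAMPLE_ENTITLEMENTS)):
        print(line)
```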