OS X sandboxing flaw casts doubt on upcoming Mac App Store requirement

2»

Comments

  • Reply 21 of 35
    hmurchisonhmurchison Posts: 12,353member
    a greer



    The Camera + issue had nothing to do with Sandboxing. The rule that it violated was a rule that developers cannot co-opt any of the hardware buttons with their software. Meaning if customers know those round buttons are for volume up and down a developer cannot change that relationship.



    Apple indeed has relented on this policy with iOS 5 but that really has nothing to do with Sandboxing.



    Oh and the Ben Franklin quote was



    Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety



    I'm not sure sandboxing is giving up an essential liberty. That's debatable.
  • Reply 22 of 35
    Quote:
    Originally Posted by a_greer View Post


    Ben Franklin said "He who sacrifices freedom for security deserves neither." ...





    This whole sand boxing movement that started with IOS and is now spreading to Mac and even Windows is a bit troubling. if someone makes an app that the gatekeepers dont like for whatever reason cant sell their apps to the majority of users...



    For people who see no trouble with this I give you the case of Camera+ This application used teh volume button as a shutter, Apple pulled the app, destroying the developers ability to profit from their otherwise exceptionally cool application, then, like 9 months later in ios 5 we see volume button used as a shutter control! This kind of crap kills innovation because there is a risk of the platform owner killing your product and stealing it, not just competeing with it, but killing the competition completely!



    I am not for government control and regulation, but really I think there needs to be a computing opennes regulation that basically states that consumers have the right to side load applications...that is users or owners of the phones or PCs cant be stopped by the maker from installing software that the device maker doesnt like.



    Camera+ is still one of the top apps sold on App Store. Scott Forstall sees it as a great idea, that's why they approved it 9 months later. You can't blame Scott Forstall, who is as close to Steve Jobs as you get. Charlie Miller violated the Terms of Use, and also pissed off Scott Forstall. He deserved to be banned, because he abused the trust Apple gave in him, no matter how genius he is. (He formerly worked for NSA where they used secure versions of NeXTStep during the old days.) I actually emailed Steve Jobs and advised him that how important Apple should work with Charlie Miller. And now he gave me this.

    He's now banned for one year, but Apple reserves the discretion to reinstate him. Charlie Miller will still be important.



    BTW, what happened to CloudGazer LOL? Does he still post here?
  • Reply 23 of 35
    Quote:
    Originally Posted by IronTed View Post


    BTW, what happened to CloudGazer LOL? Does he still post here?



    Seems he stopped around two months ago.
  • Reply 24 of 35
    aquaticaquatic Posts: 5,602member
    Quote:
    Originally Posted by a_greer View Post


    Ben Franklin said "He who sacrifices freedom for security deserves neither." ...





    This whole sand boxing movement that started with IOS and is now spreading to Mac and even Windows is a bit troubling. if someone makes an app that the gatekeepers dont like for whatever reason cant sell their apps to the majority of users...



    For people who see no trouble with this I give you the case of Camera+ This application used teh volume button as a shutter, Apple pulled the app, destroying the developers ability to profit from their otherwise exceptionally cool application, then, like 9 months later in ios 5 we see volume button used as a shutter control! This kind of crap kills innovation because there is a risk of the platform owner killing your product and stealing it, not just competeing with it, but killing the competition completely!



    I am not for government control and regulation, but really I think there needs to be a computing opennes regulation that basically states that consumers have the right to side load applications...that is users or owners of the phones or PCs cant be stopped by the maker from installing software that the device maker doesnt like.



    Excellent post. It used to be that Apple was more open than others (e.g. the old school Windows vs. Mac thing in the 90s). Apple has become Microsoft. This is one reason I got an Android phone. I can do a lot of things iPhone can not, and even better, with no hacking around at all. Flash, free tethering, installing apps that are NOT in the app store, emulators, the list goes on. This is all without any rooting, jail breaking, etc. The way they are slowly turning OS X in to iOS is disturbing, and sad. I want to be able to do what I want with the stuff I own.



    I am fine with all the security Apple wants to put in. But there should always be a way to allow the user to turn OFF any type of security. It should be ON by default. But if power users know where to look they should be able to execute whatever kind of code they want.



    That whole Camera+ thing was literally what pushed me just days later to get a Droid. I'm so glad I did. And this despite the fact I have an iPad 2 with iOS 5 and am therefore familiar with iOS.
  • Reply 25 of 35
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Aquatic View Post


    That whole Camera+ thing was literally what pushed me just days later to get a Droid. I'm so glad I did. And this despite the fact I have an iPad 2 with iOS 5 and am therefore familiar with iOS.



    We really don't know what actually happened. Clearly the developers of Camera + would have a good case to bring suit against Apple. I am just guessing, but it is likely that they were well compensated. Unless you can provide some links from the original developer to the contrary I would suspect Apple did the right thing and probably paid them for their innovation.
  • Reply 26 of 35
    hmurchisonhmurchison Posts: 12,353member
    Quote:
    Originally Posted by Aquatic View Post




    That whole Camera+ thing was literally what pushed me just days later to get a Droid. I'm so glad I did. And this despite the fact I have an iPad 2 with iOS 5 and am therefore familiar with iOS.



    So none of Google's transgressions have bothered you to the same affect as Apple stating that they want consumers to know volume buttons ...actually increase/decrease volume and making sure 3rd parties comply.



    Google can scan neighborhoods and basically trample over consumer privacy with impunity.



    Nay ...I think you've had a bone to pick with Apple for quite a bit longer and were just looking for a scapegoat.
  • Reply 27 of 35
    rcfarcfa Posts: 1,124member
    For those with access to it, I highly recommend watching



    https://developer.apple.com/videos/wwdc/2011/?id=203



    and



    https://developer.apple.com/videos/wwdc/2011/?id=204



    before spreading further FUD about sandboxing.
  • Reply 28 of 35
    Quote:
    Originally Posted by ascii View Post


    That doesn't even make sense. You don't access things outside your sandbox, you define your sandbox such that it gives you everything you need and nothing more. Do you even know the difference between app sandbox and universal App Store restrictions?



    Um I don't think you understand the limitations of the App Store and what the OP meant by "utilities". You cannot write utility software for the MAS because you don't have access to any number of things like, but not limited to, the raw device file or any location the user has no permission to access. Ever needed to run DiskWarrior? Well you can't get if on the MAS for a reason. Ever wanted to buy Parellels or VMWare on the MAS? So sorry, too bad. You're telling me that you can write a hypervisor in Cocoa, sandboxed for the MAS? Driver software that needs direct access to hardware? GOOD LUCK.



    Unless Apple adds about two dozen more entitlement the MAS will become a place to buy random games and Apple applications that conviently don't have to be sandboxed (most likely because the Xcode dev team shat themselves when somebody asked if they could put Xcode in a sandbox).
  • Reply 29 of 35
    I'm going to be anal and correct some statements here



    Quote:
    Originally Posted by Aquatic View Post


    Flash



    Getting axed. Security Nightmare and Performance Hog. Please pay more attention



    Quote:
    Originally Posted by Aquatic View Post


    free tethering



    I have free tethering on my iPhone 4.



    Quote:
    Originally Posted by Aquatic View Post


    Installing apps that are NOT in the app store



    To which Android Malware has appeared in droves. Both Apple and Android's strategies have upsides and downsides, but security should always be on the top of the priority list.



    Quote:
    Originally Posted by Aquatic View Post


    emulators



    Granted.



    Quote:
    Originally Posted by Aquatic View Post


    the list goes on.



    No it doesn't. Thats pretty much it.





    Emulators are the only thing you've mentioned that have no alternative for the iPhone - but, really, that is not much of a selling point. Both systems are on par with each other, they just have different ways to achieve the same result.





    Quote:
    Originally Posted by Aquatic View Post


    slowly turning OS X in to iOS is disturbing, and sad.



    So an App store and a grid of Applications is OSX turning into iOS? Strange, it just looks like extra functionality on top of what is already there to me.



    Quote:
    Originally Posted by Aquatic View Post


    I want to be able to do what I want with the stuff I own.







    Quote:
    Originally Posted by Aquatic View Post


    Allow the user to turn OFF any type of security



    Quick question - Why!?

    Three qualifications in computing have failed to let me see the logic in that sentence. Optional components can already be turned off on OSX, but allowing the user to turn off ANY security measures is just insane. If the application you are using needs some crucial security measure switched off in order to work correctly then the developer needs shooting point blank.



    Either that or you badly worded your sentence.



    Quote:
    Originally Posted by Aquatic View Post


    But if power users know where to look they should be able to execute whatever kind of code they want.



    I can do that already without turning anything off and without using any "power user" tools. A terminal window and a keyboard is all you need. I could turn my iMac into an email server right here, right now if I wanted without the need for OSX Server.
  • Reply 30 of 35
    a_greera_greer Posts: 4,594member
    Quote:
    Originally Posted by Aquatic View Post


    That whole Camera+ thing was literally what pushed me just days later to get a Droid. I'm so glad I did. And this despite the fact I have an iPad 2 with iOS 5 and am therefore familiar with iOS.



    I am up for renewal on 1 december and will definately begoing to droid at that time...most likely the new Galaxy || on att as I have to keep them so i dont lose my unlimited data.



    I may well be selling my iPad 2 to get the money for the new phone but I will not be selling my iphone 4...its going one of a few family members who think the iphone is the greatest thing since sliced bread, and compared to the moto flip phones they had before the iphones they use now, they are right.
  • Reply 31 of 35
    Quote:
    Originally Posted by a_greer View Post


    I am up for renewal on 1 december and will definately begoing to droid at that time...most likely the new Galaxy || on att as I have to keep them so i dont lose my unlimited data.



    I may well be selling my iPad 2 to get the money for the new phone but I will not be selling my iphone 4...its going one of a few family members who think the iphone is the greatest thing since sliced bread, and compared to the moto flip phones they had before the iphones they use now, they are right.



    I think you're going to regret it. I lost my iPhone 3GS and got myself a Samsung Galaxy Ace, and guess what? The animation on the phone was never smooth. It's always jerky. The apps are basically crap compared to the iOS version. If you're going to run a lot of apps and love the smooth experience only available on iOS devices, I suggest you keep your iPad or get a iPod Touch instead. Just use the Droid as a phone and nothing else. Not even surfing simply because the browser is always jerky when you pinch and zoom it.



    IronTed
  • Reply 32 of 35
    Quote:
    Originally Posted by IronTed View Post


    I think you're going to regret it. The animation on the [Galaxy Ace] was never smooth. It's always jerky. If you? ?love the smooth experience only available on iOS devices? Not even surfing simply because the browser is always jerky when you pinch and zoom it.



    I remember back in the day. Of, uh, Android 1.6. When that was new.



    I was testing out some of them in some store and was confused at just how horrible the interaction was. So I thought, "It must be the hardware. These morons use sub-par hardware, and that's why my first-gen iPhone works better than these do at performing simple tasks."



    And a couple months later, I installed Android 1.6 on my iPhone to test it out.



    And it sucked so much. So frigging much.



    I'm not contesting your point or anything; just adding to it. It's not the difference in hardware that makes all Android phones absolutely suck, it's the software.



    I'll bet that a few years from now, someone somewhere will manage to hack iOS onto an Android phone. And it'll run so dang well.
  • Reply 33 of 35
    aquaticaquatic Posts: 5,602member
    Quote:
    Originally Posted by benanderson89 View Post


    I'm going to be anal and correct some statements here














    Terminal, really. I use a Mac because I do NOT want to f*ck around with Terminal. Power users should be able to turn anything off they want, without mucking around in Terminal. I find GUI much faster than terminal, just in case you were going to say it is "faster" for real power users. Hiding a GUI control somewhere is sufficient enough to prevent grandma from accidentally turning off all security. This is just my opinion. A large user group study would perhaps be needed, with statistical analyses, to in fact verify whether my opinion works out in reality. But for now I'm just going with my gut feeling on this.



    And it's why I bought an Android. I want to do what I want, without f*cking around with UNIX crap.
  • Reply 34 of 35
    Quote:
    Originally Posted by Aquatic View Post


    Terminal, really. I use a Mac because I do NOT want to f*ck around with Terminal. Power users should be able to turn anything off they want, without mucking around in Terminal. I find GUI much faster than terminal, just in case you were going to say it is "faster" for real power users. Hiding a GUI control somewhere is sufficient enough to prevent grandma from accidentally turning off all security. This is just my opinion. A large user group study would perhaps be needed, with statistical analyses, to in fact verify whether my opinion works out in reality. But for now I'm just going with my gut feeling on this.



    And it's why I bought an Android. I want to do what I want, without f*cking around with UNIX crap.



    But Android is Linux - so you're still not getting away from the "UNIX" stuff.



    I was reluctant to learn the terminal interface as well, but once you get to know it, the terminal is nothing short of amazing. There are quite a few thing within the terminal that would be rather inneficiant via a GUI - a command that requires many opening arguments or specific output formats, for example, is much quicker and better served via a terminal interface. You also has to factor in its efficiency with system resources - what with the lack of a GUI. If you use MS Windows then I would understand why you would think the terminal is useless, because the terminal in windows is utterly useless - UNIX/LINUX/OSX is an entirely different story. Though, of course, your line of work determines the importance of the terminal. For me it's vital for my job!
  • Reply 35 of 35
    hirohiro Posts: 2,663member
    Quote:
    Originally Posted by Aquatic View Post


    Terminal, really. I use a Mac because I do NOT want to f*ck around with Terminal. Power users should be able to turn anything off they want, without mucking around in Terminal. I find GUI much faster than terminal, just in case you were going to say it is "faster" for real power users. Hiding a GUI control somewhere is sufficient enough to prevent grandma from accidentally turning off all security. This is just my opinion. A large user group study would perhaps be needed, with statistical analyses, to in fact verify whether my opinion works out in reality. But for now I'm just going with my gut feeling on this.



    And it's why I bought an Android. I want to do what I want, without f*cking around with UNIX crap.



    You can't reasonably ask for ultimate flexibility and then reject the existing solution because you don't want it. The solution you seem to be asking for has never existed and probably never will because the effort to cover the rest of to command line tools with GUIs just isn't worth it financially for the micro-niche of users that might actually want them. There just plain isn't a big enough market to make the development and maintenance plunge for that.
Sign In or Register to comment.