Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple To Require Sandboxing For Mac App Store Apps

Soulskill posted more than 2 years ago | from the your-cat-will-love-it dept.

OS X 584

mario_grgic writes "And so it begins: Apple will require that all Mac apps submitted to the Mac App store stick to strict sandboxing requirements. This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder before your app is approved. There are also restrictions on direct hardware access, communication to processes your app did not start, or even something simple as taking a screenshot. All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store."

cancel ×

584 comments

Sorry! There are no comments related to the filter you selected.

Cue Apple fans saying "That could NEVER happen" (4, Insightful)

elrous0 (869638) | more than 2 years ago | (#37936150)

All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store.

I've made the argument that this is exactly where Apple is headed for a long time now. I'll summarize the responses you're going to get:

  • They would never isolate developers like that.
  • They depend on the creative crowd that would never tolerate being locked down like that
  • Adobe and other developers would bitch about having to go through the app store and this would stop Apple from doing it
  • We'll probably still be able to find a way to jailbreak it, so that makes it okay
  • Just because they do it on iOS doesn't mean they'll ever do it on Mac's. They're COMPLETELY different things.
  • The app store is just for iOS, Apple would be stupid to put it on Mac's. [they don't use this one so much anymore]

Of course, the second that Apple announces that they ARE, in fact, locking down the Mac's too, I suspect you'll see one of two responses (should be interesting to see how it goes):

  • It's a great idea! I can't wait to buy one!! [this would have been the guaranteed response if Steve hadn't stepped down]
  • Steve would have never done that!! [i.e., the faithful followers of Steve begin to denounce the new false messiah]

Re:Cue Apple fans saying "That could NEVER happen" (1)

Anonymous Coward | more than 2 years ago | (#37936190)

Technically, you haven't made an argument, because those are based on facts. You've made a prophecy, which has not yet come true. You aren't yet vindicated.

Re:Cue Apple fans saying "That could NEVER happen" (-1)

Anonymous Coward | more than 2 years ago | (#37936210)

Hey look. More anti-Apple FUD from elrous0. How surprising... NOT!

Re:Cue Apple fans saying "That could NEVER happen" (-1, Troll)

elrous0 (869638) | more than 2 years ago | (#37936258)

Well, I guess that's one vote for Tim Cook as true messiah.

Re:Cue Apple fans saying "That could NEVER happen" (-1)

Anonymous Coward | more than 2 years ago | (#37936834)

And another vote for you as a useless sack of shit.

Do you wank off after posting your little diatribes? Why do you care about any of this? You don't like Apple? Ignore them and their products. Why is that so hard for you people? Mental illness, or are you just an asshole who gets kicks out of bashing things to get responses?

Re:Cue Apple fans saying "That could NEVER happen" (1)

Jeremiah Cornelius (137) | more than 2 years ago | (#37936858)

The RACE to PALLADIUM!

Who'll get there first? Apple? Intel/McAfee?

Re:Cue Apple fans saying "That could NEVER happen" (1)

andreicristianpetcu (1964402) | more than 2 years ago | (#37936912)

Apple sucks ass big time :) but this is a good idea ! I see 2 fears: 1) plugins: if apple implements this right then browsers and final cut and others might request get all permissions or they can recalculate all permissions based on the plugins they have. I would like to see each time I install a new plugin a message like "the application X wants this extra permission:read/write external files because - {insert some reason the developer wrote}. Do you agree to add the extra permission?Yes/No". This could mean less virus infections on Macs. 2) external apps cannot be installed: well this is a serious issue but most Mac users have iPhones so this is not new to them :). Most Apple fans are not experts in computers (see the haters/fanboys difference on slashdot comments) . They like a single place where to install everything. I have a Ubuntu laptop I love installing stuff from their software center. it is simple and painless. I like the freedom of installing extra .deb packages but I rarely use it.

Re:Cue Apple fans saying "That could NEVER happen" (0)

Anonymous Coward | more than 2 years ago | (#37936214)

This is talking about the Mac app store, not the iOS one.

Re:Cue Apple fans saying "That could NEVER happen" (5, Insightful)

dzfoo (772245) | more than 2 years ago | (#37936226)

You forgot a couple of answers:
- Who the f*ck cares, as long as it works.
- Why do you care, just don't use the Mac App Store, don't upgrade your OS to the version that locks you out, or don't use a Mac.

        -dZ.

Re:Cue Apple fans saying "That could NEVER happen" (0)

Anonymous Coward | more than 2 years ago | (#37936276)

+1 for the "Who the f*ck cares, I'll never ever use anthing from Evil Company

Re:Cue Apple fans saying "That could NEVER happen" (1)

zlives (2009072) | more than 2 years ago | (#37936578)

you mean "this" evil company ...

Things you can't do on Windows or Linux (1)

tepples (727027) | more than 2 years ago | (#37936364)

or don't use a Mac.

That depends on how successful Apple and Microsoft are at suing Android out of existence. If they succeed, mobile app development will pretty much require using a Mac.

Re:Things you can't do on Windows or Linux (2)

GuldKalle (1065310) | more than 2 years ago | (#37936500)

Developing for WP7 requires a mac?

Re:Things you can't do on Windows or Linux (4, Funny)

tripleevenfall (1990004) | more than 2 years ago | (#37936554)

People are developing for WP7?

Re:Things you can't do on Windows or Linux (2)

Motard (1553251) | more than 2 years ago | (#37936762)

Yep.

Re:Things you can't do on Windows or Linux (1)

Just Some Guy (3352) | more than 2 years ago | (#37936788)

Strictly, yes: I bet at least two people are hacking out fart apps as we speak.

Re:Things you can't do on Windows or Linux (2)

Synerg1y (2169962) | more than 2 years ago | (#37936862)

Would develop* the death of android would not prompt an exodus to apple but to wp7, most people who own an android specifically chose not to go apple cause of apple bs, and while microsoft has their share, it's not nearly as bad.

Then again the death of android is only speculative by people who are not even close to being qualified to make that judgement (slashdotters), so I'll be enjoying my android for a long time to come I'm sure.

What is WP7's killer app? (1)

tepples (727027) | more than 2 years ago | (#37936864)

No, developing for WP7 just requires having a killer app good enough to get iPhone users to pay the ETF on their current contract and switch to a WP7 phone. I haven't seen anything close to such a killer app yet; would you mind showing me?

Re:Cue Apple fans saying "That could NEVER happen" (-1)

Anonymous Coward | more than 2 years ago | (#37936344)

Linux still sucks and nobody is going to move from OS X to Linux! In fact, if OS X ever goes away, all of those people are going to move directly to Windows!

P.S. Linux sucks, Gnome 3 sucks, KDE 4 sucks and Xfce is on par with Windows 3.11.

Re:Cue Apple fans saying "That could NEVER happen" (1)

Anonymous Coward | more than 2 years ago | (#37936468)

KDE 4 is greatest desktop environment ever. Not since MS-DOS 3.3 have I been so happy with the work environment on my personal computer.
And Windows and OS X have always sucked.

Re:Cue Apple fans saying "That could NEVER happen" (5, Insightful)

Stellian (673475) | more than 2 years ago | (#37936432)

There's nothing wrong with the sandboxing model per se. It's probably the only way to make our computers more secure. That Apple is moving in that direction should not be surprising: they make idiot-ready software (also known as good software), and you can't really have security and idiot friendliness without a trusted 3rd party to sort out the nitty-gritty details.

It should also be unsurprising that Apple moves to an authoritarian model where it and it alone can act as the trusted 3rd party. Almost everything Apple does is to maximize clout and control over the product environment. Apple is a control freak: it's profitable and risky, it almost got them killed when the PC revolution happened.

I would much rather like to see a sandbox where multiple private companies publish application profiles and the consumer choice is maximized; that's a nice role for the AV companies to play, move from a blacklist to a whitelist model. Should such a company turn into Big Brother, limit the consumer choice and push it's own interests, the consumers can easily move to a different "security provider".

Re:Cue Apple fans saying "That could NEVER happen" (3, Insightful)

Tetsujin (103070) | more than 2 years ago | (#37936882)

There's nothing wrong with the sandboxing model per se. It's probably the only way to make our computers more secure. That Apple is moving in that direction should not be surprising: they make idiot-ready software (also known as good software)

I take exception to this.

"idiot-ready" software is good software... for "idiots".

(Of course, they're not really idiots, most of them - they're regular people who desire a simple level of interaction with their computer. But I'm just running with the "idiot-ready" terminology there.)

That approach to software design is "one size fits most" - but it's not "one size fits all" because the limitations of a simple UI will inevitably interfere with (or at least fail to support) something that someone is trying to do. When your expectations and skills pass a certain threshold, a simple UI is not necessarily a good UI.

Re:Cue Apple fans saying "That could NEVER happen" (5, Insightful)

l0ungeb0y (442022) | more than 2 years ago | (#37936526)

How are they isolating developers? I develop on the Mac and constantly install development software all the time. Know how many development related bits I've had to install via AppStore? -- ONE -- The latest version of XCode after it went to public release.

The AppStore is for CONSUMERS, there will never be a full lockdown because forcing every software writer to release through the AppStore would kill OS X as a development platform. Even XCode requires a whole bevy of gnu utilities. OS X is a full fledged UNIX and as such, you'll always be able to do *Nixy things such as wget/curl a file, gunzip, configure and make.

What Apple does with their CoCoa Framework and native apps is up to them, but as long as they are a UNIX, they'll never have the ability to stop apps written in C, Java, Python, Bash, Perl, PHP or Ruby from doing whatever the hell they please.

The day they do, is the day OS X leaves the Unix fold and becomes something else. And if that happens, you can bet your sweet ass that Apple will be dead within 3 years.

I'm not so sure (2)

Viol8 (599362) | more than 2 years ago | (#37936836)

"OS X is a full fledged UNIX and as such, you'll always be able to do *Nixy things such as wget/curl a file, gunzip, configure and make"

I wouldn't bet on it. Its entirely possible to make the kernel limit what a user can do above and beyond a chroot jail - SELinux does it already. That doesn't make it any less of a version of unix. All you'd see on the command line is the "Operation not permitted" error and that would be that.

As for apple being dead if they messed about with the unix roots of OS/X , very unlikely. 99% of apple users couldn't care less and most of them don't even know their OS is a version of unix.

Re:Cue Apple fans saying "That could NEVER happen" (0)

Anonymous Coward | more than 2 years ago | (#37936876)

Cue Slashdot Linux fanboys screaming "I TOLD YOU SO! NYAH NYAH NYAH NYAH!"

Fuck. I'm done with this site. I spent 15 years as a Linux admin and developer, and 15 years later everyone in LinuxLand still acts the same way - like little shits who think they know better.

You know what? I'll happily go into Apple's walled garden. Why? Because their tech is attractive and lets me get my shit done. I'm sick and tired of half-assed promises of Linux on the Desktop, Free Software for all, etc. When it comes down to it, Linux *and* its community are fundamentally broken. Even Ubuntu, once the pride of the Linux world, can't get their shit straight when it comes to user interfaces, and have managed to piss off the majority of the community with Unity ... and now they want to do tablet UIs too?

The problem? Nobody in Linux-land innovates. You all bitch and whine about the competition (I should say "we all", because I did it too) ... and then, when you think nobody is looking, you go and rip off their technology / user interfaces / whatever.

In 6 months, I fully expect Mark Shuttleworth to announce that Ubuntu's going to support some form of sandboxing via the Ubuntu app store. Only, he'll put some kind of positive spin on it and you'll eat it up just as much as the Apple fans did.

Now excuse me. I think I'm going to go dig out my Commodore 128 - the last computer I actually had fun using... I'm sure there are a couple Atari fanbois on here who are going to make a snide comment or two about it though. Because nothing ever fucking changes.

Re:Cue Apple fans saying "That could NEVER happen" (0)

MobileTatsu-NJG (946591) | more than 2 years ago | (#37936914)

Of course, the second that Apple announces that they ARE, in fact, locking down the Mac's too, I suspect you'll see one of two responses (should be interesting to see how it goes):

Yeah, here's a third: They can't lock down Macs, just what they bring in through the App Store. Do you really think Apple's going to make it so you cannot run a Python script on your Macbook Pro?

In the mean time it's going to be a lot harder for that inexplicably popular Angry Birds clone to go rogue and start mailing off your personal data to some server in Russia.

Why is this such a bad thing? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37936192)

Why, at a technical level, is this so bad?
Because... uhh... uhhh.... uuhh... SCREW Apple!!

Haters gotta hate.

Re:Why is this such a bad thing? (1)

MichaelKristopeit501 (2018074) | more than 2 years ago | (#37936336)

no one said it was "bad" or "so bad" other than you...

you may as well have asked "why, at a technical level, is this so great?"

you're an ignorant hypocrite.

Re:Why is this such a bad thing? (1)

slim (1652) | more than 2 years ago | (#37936370)

"And so it begins...", from the summary, strongly implies disapproval.

Re:Why is this such a bad thing? (1)

MichaelKristopeit501 (2018074) | more than 2 years ago | (#37936776)

you have strongly implied you're a pessimistic idiot.

cower in my shadow some more behind your chosen non-substantial based pseudonym, feeb.

you're completely pathetic.

Re:Why is this such a bad thing? (4, Insightful)

IamTheRealMike (537420) | more than 2 years ago | (#37936352)

Sandboxing applications isn't so bad, and I think this is correct and inevitable. The fear comes purely from the fact that Apple has historically been very abusive with its app store policies, they aren't there purely to ensure security but are also used to simply crush apps some Apple executive didn't like, eg the "no competition" clauses.

Given Apples flaky approach to app store approvals, it's not unexpected that many people see this as the end of the Mac as an open(ish) computing platform. Given there aren't very many platforms, Microsoft tends to follow Apples lead these days, and Linux has never overcome its problems to go mainstream - that's a cause for concern indeed.

The good news is that there is Android, which gets it right - strong app sandboxing with an opt out checkbox you can tick if you want to. And it's open source so even if it stops being right tomorrow (unlikely), it's still a strong foundation others could build off. The bad news is that Android does not run on laptops or desktop machines, and does not have the enormous collection of industrial-strength apps like Photoshop, Office etc that MacOS/Win32 does.

Re:Why is this such a bad thing? (1)

Bill_the_Engineer (772575) | more than 2 years ago | (#37936674)

Why even mention Android? We have Linux, Windows, BSD, and other operating systems for the desktop. Also, this ONLY applies to applications sold in the App Store. You can still download directly from a vendor, or buy a DVD/CDROM from your local software retailer.

Re:Why is this such a bad thing? (-1)

DangerOnTheRanger (2373156) | more than 2 years ago | (#37936358)

I don't think you were being sarcastic, so I in turn will answer seriously: This basically makes 3rd-party software - like you get from Fink, for example - non-existent, as far as a Mac user is concerned, because all software for Macs will have to be retrieved from this "app store". This will likely severely limit the amount of FOSS software that is available for OSX. I used to think MS was the ultimate enemy of FOSS + software freedom, but Apple's starting to suggest otherwise...

Re:Why is this such a bad thing? (5, Informative)

Ambitwistor (1041236) | more than 2 years ago | (#37936534)

This basically makes 3rd-party software - like you get from Fink, for example - non-existent, as far as a Mac user is concerned, because all software for Macs will have to be retrieved from this "app store".

You're spreading FUD.

Software for Macs will NOT have to be retrieved from the app store only. This does not kill 3rd-party software or Fink. This announcement ONLY applies to applications that are voluntarily listed in the app store by their developers. Developers do not have to use the app store to distribute their apps.

It is possible that Apple may someday require all apps go through the app store, as you suggest, but that's not what this announcement is about.

Re:Why is this such a bad thing? (2)

DangerOnTheRanger (2373156) | more than 2 years ago | (#37936696)

You have a point; as a developer, you're not required to go through the app store - yet. Considering that 1) Apple is quickly making OSX behave like iOS 2) Apple has never liked not being able to control everything in the first place, it probably will be true in a matter of years (if not months). You're still right though - my statement is not true at the moment, and that's completely my fault.

Re:Why is this such a bad thing? (1)

DannyO152 (544940) | more than 2 years ago | (#37936952)

And let's think about who and who isn't in the app store.

Microsoft Office isn't. If users are forbidden to install Office, all the folks who are okay with buying Macs because they can run Office stop buying Macs.

Adobe Dreamweaver isn't. Say goodbye to web designers who are taught that tool.

I see someone cued the fanboys arguing that the big lockdown won't occur. I don't see that it's likely, but the point would be that those of us who need to run applications that cannot and will not be found in the App Store will replace our Macs with machines onto which we may install our productivity things. It will probably mean that we will have regretted giving Apple those last dollars and will not give Apple any more dollars. Are we in numbers such that Apple will miss us? Not my concern. I'm trying to get things done with the least amount of friction. No one ever guaranteed me it was always going to be easy, but I appreciate it when it is.

Re:Why is this such a bad thing? (3, Insightful)

SuricouRaven (1897204) | more than 2 years ago | (#37936382)

At a technical level, it isn't. Common-sense security is being applied: No app should have permissions to do something it can't show good need for. The fear isn't about technology, it's about Apple's business model, which is now built upon restricting the capabilities of their products in order to drive the users towards Apple's own supporting services. A successful business model, but one many regard as exploitative, detrimental to the users and a bad thing for the culture built around access to technology.

Showing need != showing machine-readable need (1)

tepples (727027) | more than 2 years ago | (#37936458)

No app should have permissions to do something it can't show good need for.

The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.

Re:Showing need != showing machine-readable need (1)

ColdWetDog (752185) | more than 2 years ago | (#37936630)

The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.

That's OK, they can let Siri do it.

Where is the problem? (1)

SuperKendall (25149) | more than 2 years ago | (#37936934)

The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.

Which a user can still install outside the app store.

Eventually the permission models will encompass enough functionality it will be possible - but in the meantime users get a fleet of far more secure applications and a far more secure system.

The only downside is a handful of applications that cannot be sold through the app store - but you couldn't before it existed either...

Problem? (4, Insightful)

AdrianKemp (1988748) | more than 2 years ago | (#37936250)

I fail to see any problem with this.

I'm actually far happier when apps are clean and well controlled in terms of what they put where, Apple is providing an assurance that this *will* be the case for officially approved apps.

Good on them.

Whether or not they eventually disable applications from outside the App Store is completely irrelevant to this move.

Re:Problem? (5, Interesting)

tripleevenfall (1990004) | more than 2 years ago | (#37936334)

As much as people like we /. denizens will gripe about this, for the average user it's a good solution. Disable by default the installation of unapproved apps. Allow users to opt out of that feature if they so choose.

For most users, who will never figure out how to enable non-market apps, or will have no desire to anyway, this makes their PC much more secure. For "power users", it's trivial enough to live in the old world.

Re:Problem? (1)

nine-times (778537) | more than 2 years ago | (#37936524)

For most users, who will never figure out how to enable non-market apps

That's only if companies like Adobe and Microsoft start selling their apps in the App Store.

Re:Problem? (1)

tepples (727027) | more than 2 years ago | (#37936404)

Does a "[n]eed to access hardware using something else than USB, for example Thunderbolt, FireWire or Bluetooth" or "to read and write files in a known location on a network disk" or to use the "Apple events" needed for AppleScript support necessarily imply that an app is not "clean and well controlled"?

Re:Problem? (1)

YojimboJango (978350) | more than 2 years ago | (#37936576)

No, but it does means that the app checks a lot of the same boxes as an app that is not "clean and well controlled".

Re:Problem? (1)

slim (1652) | more than 2 years ago | (#37936774)

Of course not, but the point is that the installer tells you what resources the app is demanding access to, and you have the choice to say "yeah, that makes sense", or "no, why the hell does it need that?"

Let's say you install a text editor, and it says it needs the ability to add/remove user accounts -- you'd raise your eyebrows.

Re:Problem? (1)

AdrianKemp (1988748) | more than 2 years ago | (#37936830)

You can request permissions for them, if your app is deemed to have valid use for it they will grant it.

In the meantime, apps that *don't* have valid use for those things, will not be permitted to use them

I have to add the disclaimer here that although I am an iOS registered developer, I am not an OS X. I cannot actually access the document from apple directly so I am going on what I can read elsewhere.

I find it exceptionally unlikely that Apple will ever completely disallow access to peripherals, since that would be stupid.

Re:Problem? (-1)

Anonymous Coward | more than 2 years ago | (#37936430)

It's mostly a problem for developers, which leads to a problem for users. Developers will have extra requirements and an extra wait period to be able to release something for Mac, which will either delay their launch for cross-platform software, or cause Macs to be left out of releases.

The bigger issue if Apple decides to lock down Mac to only App Store apps is that they take a cut of all apps sold through the store, and I doubt Adobe will be willing to hand over 30% of their Photoshop sales.

Re:Problem? (1)

SiMac (409541) | more than 2 years ago | (#37936562)

It seems highly unlikely that Apple would lock down the Mac to only App Store apps. It would really piss off both users and developers. I think Apple is more interested in (slowly) moving to a world where the Mac doesn't exist, and everyone uses an iPad or derivative.

Re:Problem? (0)

Anonymous Coward | more than 2 years ago | (#37936566)

I have to say I agree with you there. I agree with Apple's heavy policing of the iOS store because of all the malware and crap that seems to get into the Android store. What I do not approve of is iOS's lack of support for third party sources. Jailbreaking should not be a requirement to run other apps.

Re:Problem? (1)

AdrianKemp (1988748) | more than 2 years ago | (#37936758)

I very passively agree with this sentiment.

I think ultimately, I should be able to fire up XCode, and set my device up in a mode that allows me to install non-approved apps (Perhaps itunes, rather than XCode).

On the other hand, I'd never use it. There are insufficient diagnostic abilities on the device for me to determine if it's doing something shady, so I simply wouldn't actually use it.

The only thing I would ultimately end up using it for is putting my own apps on the phone, but I can do that for $99 a year, and frankly that's not breaking the bank. It *is* needless, but I'm not going to get real worked up about it.

Re:Problem? (1)

Truekaiser (724672) | more than 2 years ago | (#37936844)

what malware? as long as you stick to the normal market with the phone and not some market based out of china or one of amazon's you will not get any either.

Re:Problem? (1)

nine-times (778537) | more than 2 years ago | (#37936642)

Yeah, I don't think this is any more of a risk of "lockdown" than Apple having an App Store at all. Apple is distributing applications and, in effect, endorsing the applications it distributed. It sounds like mostly they're just asking developers to give them an idea of what security issues the application might have.

If they weren't so pretty (0, Flamebait)

ackthpt (218170) | more than 2 years ago | (#37936264)

People might get sick of the restrictive nature of Apple products.

Re:If they weren't so pretty (2)

couchslug (175151) | more than 2 years ago | (#37936350)

No. Their target market wants appliance-like reliability.

Other software choices exist outside the RDF and the sooner those who WANT choice are shunted there by Apple and MSFT the better.

They also seem to want appliance like inflexibilit (0)

Anonymous Coward | more than 2 years ago | (#37936810)

They also seem to want appliance like inflexibility. Or they're willing to call the appliance like inflexibility as either

a) the best thing ever to happen to personal computing

b) not happening, man, you can still edit the BIOS feature, reset the battery, enter Control-V-F-N-D-T-R-M and follow with the serial key of your mac and you'll be able to bypass it, until you update, which you like totally have to do, else all those problems you're having with the wonderful Xperience is YOUR FAULT.

How is it restrictive? Freedom for real people (5, Insightful)

SuperKendall (25149) | more than 2 years ago | (#37936654)

You can install an application from anywhere. Apple is simply providing application writers a mechanism to help ensure user security (that you can also use in building non app-store apps), and a channel for people to get applications that they know will have less potential impact on the system if there's a security issue. If I get a computer for a grandparent and say "buy applications from here" then they are substantially better off and I can rest easier knowing it's less likely the system is compromised, even if any given application is compromised.

I would say what is restrictive is the notion that users should have to understand computers well enough to secure them. That is the real prison which we have forced millions to endure for years. A computer that people can use to a great desire without worrying about how to "maintain" it is liberation for 99% of computer users on the planet.

TEOTWAWKI (0)

frnic (98517) | more than 2 years ago | (#37936268)

The End Of The World As We Know It!

I think the government should close down Apple and distribute it's resources to all the Geeks on Slashdot which are trying to protect those poor Apple customers from themselves.

Wasn't that always the plan? (0)

Anonymous Coward | more than 2 years ago | (#37936272)

> All that is needed after this to turn your Mac into an appliance...

Considering how much Jobs was influenced by an appliance designer (Dieter Rams of Braun)....

Re:Wasn't that always the plan? (0)

Anonymous Coward | more than 2 years ago | (#37936298)

No, it's not.

Apple is a business (5, Interesting)

linumax (910946) | more than 2 years ago | (#37936280)

And they're here to make money. There seems to be a large market for people who want pretty appliances with certain "limitations" that work painlessly. Limitations is in quotes because it's a limit to myself and many on Slashdot, but not to most casual users.

* Yawn * (1)

JabrTheHut (640719) | more than 2 years ago | (#37936284)

* Scratch *

Slow news day.

Why is this unreasonable (4, Insightful)

Geoffrey.landis (926948) | more than 2 years ago | (#37936310)

So, is this actually unreasonable? Seems to me that if you don't want machines to be pwned, it would be nice to have somebody look over the ap before it starts controlling processes outside its sandbox. Sudo privilege is nice to have, but it's also something you don't want to give away without oversight.

Stupid (1)

Mullen (14656) | more than 2 years ago | (#37936314)

This is stupid. Virus and Trojans are not coming through the App Store. People are installing pirated software that has been infected or purposely contains a trojan. If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space.

Define pirated software (1)

tepples (727027) | more than 2 years ago | (#37936506)

If people stop installing pirated software

Define pirated software. Is VLC Media Player pirated software because it is an independent implementation of a well-known media codec? Is a game like Quinn or NullpoMino pirated software because it implements the same rules as a well-known commercial game?

Re:Define pirated software (1)

Bill_the_Engineer (772575) | more than 2 years ago | (#37936808)

I think you are twisting his words around to try to make an off topic discussion on piracy. He did say (emphasis mine):

If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space.

I would put VLC Media player in the be smart about where you download it from portion of his comment.

Re:Stupid (0)

Anonymous Coward | more than 2 years ago | (#37936528)

"If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space."

This will never happen. Most computer users don't know how to properly gauge if a download or install is safe or unsafe. I've easily ended up on malware sites that most people wouldn't catch when googling for an application download.

Stupidity is not realizing the real attack vector (1)

SuperKendall (25149) | more than 2 years ago | (#37936792)

This is stupid. Virus and Trojans are not coming through the App Store

No, where they usually come through is data payloads to applications.

Which is why it's quite smart to not let applications have write access all over the system - not even all over your home directory.

There's already the user/system layer of protection, this just adds one more layer and greatly reduces the usefulness of corrupting data to an application as an attack vector - VERY important in an age where more and more applications have server based components that can be infiltrated.

Pirated applications are just one obvious vector of attack, but they will not be the worst problem if other paths are not secured.

Re:Stupid (1)

SlashdotIsRetarded (2499984) | more than 2 years ago | (#37936852)

So when Raven Adler got her Mac rooted at Schmoocon, was that because she was pirating software or was it because she was being dumb and installing software without questioning it? I mean, it's not like Safari, or Apple's software stack in general, hasn't had a metric fuckton of vulnerabilities over the last few years... Right?

Do you realize that for a long time the primary method of jailbreaking iOS was to simply visit a webpage and that webpage would deliver the payload to root the device? Do you see why this might be a problem? Do you see why sandboxing applications that interact with the outside world, like many from the app store, might be beneficial?

Re:Stupid (1)

Sprouticus (1503545) | more than 2 years ago | (#37936868)

Simply not true. Most viruses and software are coming from web site now a days. Or trojans is emails.

As someone pointed out, making this behavior the default is the first step. It will be a slippry slope.

1) you have to do it their way to get published in the app store, but users can run any app.
2) then you have to opt in to run any app
3) then you can't get support on OS issues if you have opted in and have non app store apps installed
4) then you cant install non app store apps.
5) viola, you have the iphone. and apple/microsoft decides what runs on your PC.
6) not that they are the gatekeepers, open srouce, freeware ISV's are suqeezed out when they implement a posting fee
7) Apple/MS start acting like the ISP's and try to generate money form both ends of the spectrum, in 5-7 years we will be talking about 'PC neutrality' like we do net neutrality now.

mark my words.

OMG TEH EVIL APPLE (5, Insightful)

wumpus188 (657540) | more than 2 years ago | (#37936318)

You don't ask Apple for anything. You just declare what your application needs from OS to function.

Ever heard of Android? Works the same way.

Re:OMG TEH EVIL APPLE (4, Informative)

onefriedrice (1171917) | more than 2 years ago | (#37936398)

You don't ask Apple for anything. You just declare what your application needs from OS to function.

Ever heard of Android? Works the same way.

But but but it's more fun to sensationalize the truth so we all can have another pretend reason to hate Apple.

Permissions conspicuous by their absence (3, Informative)

tepples (727027) | more than 2 years ago | (#37936660)

Ever heard of Android? Works the same way.

Every time Google adds a sensitive API to Android and documents it, it adds a corresponding permission to the application manifest schema. This means every single documented API in Android is either A. covered by the generic permission for all installed applications or B. covered by one of the permissions that an application can request. This Mac App Store sandbox, on the other hand, appears to add a category C: APIs that no sandboxed application can request, even with good reason. The page behind the second link [lacquer.fi] points out a few noticeable omissions in the available permissions. This points to one of two paths of speculation: either Apple will add permissions covering these holes in a later revision of the policy, or Apple plans to completely remove the functionality corresponding to those holes in future versions of Mac OS X.

Re:Permissions conspicuous by their absence (2)

Roogna (9643) | more than 2 years ago | (#37936938)

Mind you, Apple has a way for Developer's to provide feedback for APIs they need. If enough enter tickets requesting a API be sandboxed, it'll show up at some point. This has proven true on iOS side as well. If enough dev's put in requests for an API for something, it usually does show up, eventually. This isn't always a quick process, but the more feedback they get, the more likely it will turn up at some point.

Great Security (5, Insightful)

dogmatixpsych (786818) | more than 2 years ago | (#37936346)

This is very good practice for applications in the Mac App store. It's a huge security feature. Now, if Apple ever locks down the Mac to allow only applications from the Mac App Store (they won't), I'll give up Mac and go to Linux full-time (I use Macs for neuroimaging research and definitely don't have the applications/tools I use available through the Mac App Store; it would be nice to have a lot of them on a central repository though like Neurodebian {I virtualize that on my Macs}), but in the mean time I'll stick with my Macs. This is a wonderful security feature for applications given stamps of approval from Apple through the Mac App Store. Yes, there might be other security issues introduced through OS X issues but in general this is a positive step forward. Again, I'm not suggesting all applications should be sandboxed, I just think it is good practice for the ones distributed through the Mac App Store.

Re:Great Security (1)

boristdog (133725) | more than 2 years ago | (#37936530)

Exactly. I won't deal with Apple, but this is good for the unwashed masses in many ways...except one.

One tiny breach of the app store and you could suddenly have millions of zombie/compromised Apple devices out there. But they would all be trusted by everyone. Would Apple admit a breach and destroy the trust they've built?

Won't happen? Dream on. Sometimes a certain lack of trust is good.

Security (2)

Hentes (2461350) | more than 2 years ago | (#37936386)

This would be an important security feature if users could force it for any program.

So now that Apple's doing it, sandboxing is evil? (4, Insightful)

Trolan (42526) | more than 2 years ago | (#37936406)

Sandboxing applications is a common security model on Unix systems, so why is this a bad thing on desktop apps as well? The App Store apps already had restrictions on where you could put your executable. This just codifies other accesses into a model where the developer sets up the privileges the app requires instead of leaving it at the free-for-all it is now.

APIs with no corresponding permission (1)

tepples (727027) | more than 2 years ago | (#37936720)

Why not? Because some useful operations in the existing API aren't available to any sandboxed application. I explained in more detail, contrasting it with Android's approach, in my reply to wumpus188 [slashdot.org] .

The haters never get tired. (1)

Anonymous Coward | more than 2 years ago | (#37936462)

You bought you Mac because it "just works"
Anyone with a remote clue will recognize that these measures are to ensure that the programs delivered through the app store "Just work"

To anyone who wants a simple to use computer, or anyone who administers (formally or informally) a computer for another user, these things are a boon.

I WISH I could containerize and sandbox the apps I deployed to my windows users at work. Christ, I wish I could have my organization wide app store where users could click on nice rounded-squares and get the apps they need themselves.

The Future of Computer Security, Writ Large (3, Insightful)

stating_the_obvious (1340413) | more than 2 years ago | (#37936464)

The future of all applications will be individual sandboxes. Why the hell would you have perimeter security (show your credentials to access the enture kingdom) versus a police state (show me your papers) that denies all privileges not specifically granted. I'm not saying I want to physically live in that world, but I definitely want my computers operating in that world

Ummm... good? (5, Insightful)

Just Some Guy (3352) | more than 2 years ago | (#37936484)

So a free Twitter app isn't allowed to take screenshots while I have my checkbook app open? I'm OK with that. Every one of those restrictions seem perfectly reasonable and good.

Too far? (2)

GWBasic (900357) | more than 2 years ago | (#37936492)

I do think some kind of sandboxing would be nice; for example, blocking Skype from automatically installing plugins in every browser under the sun without asking my permission. It's important that sandboxing doesn't prevent programs from being useful.

Why is Apple allowed to do things and not get sued (1)

fullmetal55 (698310) | more than 2 years ago | (#37936550)

So let me get this straight, If apple does only allow app installations from the App Store, rather than allowing you to install whatever you want on your computer. What does this mean for anti-trust precedents set against Microsoft? The lawsuits fighting against them bundling IE with windows. Microsoft never wanted to deny you the right to install another browser, they simply bundled their browser with their OS, and got sued for it. Apple did it, nobody batted an eye. Apple prevented you from installing another browser on an iPod, iPhone, and iPad, and nobody batted an eye. where are the anti-trust lawsuits? You know if google released android with the limitation of only using a chrome based browser, they'd be sued as well. Why is Apple so special that they can do the same things on an even grander scale and everything is ok? I'm not anti-Apple per se, I own an iPhone and an iPad, because they do what I want them to do, for the most part. I got the iPhone before Android was any good, and am now financially commited to iOS, which is why i got an iPad, apps are transferable, and I don't have to plunk down a lot more cash to get the same functionality. I do really wish I could use a different browser than Safari once in a while. Especially since Safari crashes on my iPad at least 3-4 times a day.

Re:Why is Apple allowed to do things and not get s (0)

Anonymous Coward | more than 2 years ago | (#37936622)

I don't think Apple is necessarily only allowing app installations from the App store, just allowing people to only allow it.

Which can be done on Microsoft Windows too, it's part of their security certification.

Re:Why is Apple allowed to do things and not get s (1)

Pope (17780) | more than 2 years ago | (#37936668)

Apple isn't a monopoly. QED.

Also note that they have NOT restricted non-App Store programs from being installed.

Re:Why is Apple allowed to do things and not get s (1)

catmistake (814204) | more than 2 years ago | (#37936748)

What does this mean for anti-trust precedents set against Microsoft?

Nothing. Apple is not a monopoly, anti-trust doesn't apply, they can do whatever they want until they reach, whatever, 90% market saturation. Also, what you and the summary suggest, only allowing Mac AppStore installations, will never happen.

Re:Why is Apple allowed to do things and not get s (1)

s4ndm4n (1361751) | more than 2 years ago | (#37936910)

I do really wish I could use a different browser than Safari once in a while. Especially since Safari crashes on my iPad at least 3-4 times a day

There are alternative browser options on Apple devices, including the ipad. You can find some information here, but this was just a real quick look up about firefox on ipad. Apparently there are other browsers though. Just FYI.

Re:Why is Apple allowed to do things and not get s (0)

Anonymous Coward | more than 2 years ago | (#37936932)

They can't. Your rationale for thinking that that they can make 0 sense.

If apple does only allow app installations from the App Store, rather than allowing you to install whatever you want on your computer. What does this mean for anti-trust precedents set against Microsoft?

MS has no anti-trust precedents in the context of an app store.

I do really wish I could use a different browser than Safari once in a while

Try Opera [apple.com]

specially since Safari crashes on my iPad at least 3-4 times a day.

Based on precedent set by your thoughts contained in your post, I am going to attribute this to user error.

I see know problem with this... (1)

thestudio_bob (894258) | more than 2 years ago | (#37936582)

If this prevents companies like Adobe and game developers from installing crappy insecure DRM measures all over my machine, then I welcome this.

90% of the population won't notice anything different, where as the other 10% who happen to be tech savvy will bitch and moan about the walled garden until there face turns blue.

no steam in app store & adobe will not give up (0)

Anonymous Coward | more than 2 years ago | (#37936752)

no steam games in app store & adobe will not give up 30% of the cost of CS to get in the app store.

It's good, and I'd like it for Linux (3, Informative)

slim (1652) | more than 2 years ago | (#37936586)

OK, not the "central authority can veto apps" part.

But the "app package declares what system calls it needs to access; package manager reports it; sandbox enforces it" part.

You can achieve it in a limited way with things like chroot, but having it conveniently bundled is nice.

# apt-get install gnuTunes
INFO: gnuTunes requires:
  - read/write access to ~/.gnuTunes/ for the user
  - access to audio output
  - read access to the optical drive
  - read/write access to ~/Music/ for the user
  - read access to /usr/share/Music/
  - make HTTP requests to http://gracenote.com/ [gracenote.com] ... and so on.

This is actually a good move (1)

jerryjnormandin (1942378) | more than 2 years ago | (#37936662)

it wasn't too long ago when there were infected apps in the Android market. This is a good security move.

If only (0)

Anonymous Coward | more than 2 years ago | (#37936666)

there was another computer operating system and hardware we could purchase.

Idiots.

This would be fine, if only... (1)

davidwr (791652) | more than 2 years ago | (#37936728)

Some people have already commented that this is a feature, not a bug.

This would be fine, if only Apple didn't have a monopoly on "stores" for un-jailbroken devices. If Apple allowed anyone to set up their own "app store" and allowed the customer to select which stores the customer approved of, then everyone (except maybe Apple) would be happy. Customers wanting a walled garden would have a walled garden. Customers wanting to shop in other stores could do so. App-makers could decide whether to put their good in Apple's store or not as they saw fit.

Let's look at it another way:

Imagine if your car manufacturer only let you buy gas at its stations. It had stations all over the place so buying gas wasn't a problem. It offered hundreds of brands of gas, but only gas that it had approved and for which it took a 30% commission.

I see anti-trust lawsuits in Apples future.

Oops, my bad, disregard (1)

davidwr (791652) | more than 2 years ago | (#37936784)

I didn't RTFA and I didn't see the word "Mac" in the title.

I had iPad and iPhone on the brain.

Sorry for the mis-placed rant.

iSux (0)

Anonymous Coward | more than 2 years ago | (#37936772)

The Slashdot crowd always loves to bang on Microsoft because, apparently, it believes that MS is the locus of evil in the technological world. MS doesn't pull even half of the gestapo crap that Apple pulls on a regular basis. Hey, libs, want to know what "corporate greed" really looks like? Take a look in the face of apple, and not only will you see greed but a grotesque Orwellian vision of computing that Apple is intent on shoving down your throat.

wecome to nazi computing (0)

Anonymous Coward | more than 2 years ago | (#37936924)

No app store for you next!

Let me get this straight.... (1)

ironcanuk (1022683) | more than 2 years ago | (#37936930)

If I want my app to listen to a specific socket and accept connections from remote logging instruments, or I want my app to allow the user to save/load files wherever they want - I'll have to convince Apple that I'm deserving of such 'responsibility'? *blink* *blink*
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>