Re: Sandboxing and the Mac App Store [was Re: a website for viewing apps that are no longer in the iTunes app store? Please?}

[josh gregory]

Pretty confusing. It's not you, but the concept in general.

On 6/26/12, Esther  wrote:
> Hi Josh,
>
> You wrote:
>> Hi there. A couple questions. Will apps no longer in the app store
>> still be available through macupdate.com? Secondly, what are
>> sandboxing restrictions? Thanks!
>
> Any apps that you've purchased from the MacApp Store will still be on your
> machine, and these will often be available from individual developer sites,
> and listed at MacUpdate.com  (The MacUpdate site really just aggregates
> information and links to current Mac applications.)
>
> At present you can get apps either independently through individual
> developers or by checking the Mac App store.  In many cases, an app can be
> found either way.  The advantage of the Mac App store is that it's a
> one-stop source, and you can also automatically update to new versions of
> the applications through a single interface.  The disadvantages are that you
> can't access time-limited trial downloads of apps -- that's because Apple
> won't let anyone sell an app from which they remove functionality at a later
> time without additional payment.  In some other cases, you can't access
> additional freeware software that the developer may refer you to without
> going to their web site.  An example here might be DVDRemaster Pro, which
> allows you to rip DVD's you own to movie files on disk, or rip just the
> audio sound tracks to files, or make copies of DVDs that you own.  To
> function on dvds with digital rights management (DRM), you either need to
> have the free VLC multimedia software (an
>  other third party application) or else download the Fairmount software from
> the developer's site.   Because the Fairmount  software is not Metakine's
> own product, although they can legally point you to it for distribution
> copies, they can't bundle it with their DVDRemaster Pro software in the Mac
> App Store, and you have to go to their web site to get it.
>
> The issue with sandboxing is when programs can take control of the
> performance of other programs.  Restricting this provides extra security, in
> the event of malware, or even of unforeseen consequences of programming, and
> sandboxing means that programs can only control the local environment of
> their own program.  But it can also remove capabilities. Sarah gave one
> example with growl notifications.  Here's another, to show this can work
> both ways.  Many users like Rogue Amoeba's Audio Hijack Pro, which lets you
> record and redirect your audio streams in many ways, including capturing and
> recording audio from specific applications.  Four years ago, after a
> security update in Leopard (Mac OS X 10.5), Gordon (the list owner) asked
> whether anyone had lost the ability to do secure logins with SSH after the
> update.  I hadn't, but a quick web search turned up the answer that the
> Instant Hijack feature in Audio Hijack Pro was incorrectly written in a way
> that made programs like SSH fail
>  .  (This had to do with moving the location that a program like SSH starts
> up in memory to a different place each time, to make it harder for an
> attacker to take control of your system.  Instant Hijack used the protocol,
> but managed to hose SSH behavior.)  This kind of dependency is a pain to
> troubleshoot.  Fortunately, there were so many Audio Hijack users that it
> became evident that the problem was tied to that software, and the developer
> quickly came up with a fix.
>
> So the tradeoff is between greater safety for the user experience vs.
> improved software capabilities when programs can control other programs.  In
> the case of TextExpander, you would no longer be able to type predefined
> custom snippets that would expand into anything you liked (such as your
> signature line, or just an easy way of typing a set of phrases or computer
> code.  Instead, it would have to work the way it does on the iPhone, where
> only applications that included the free TextExpander API in their code
> would let you do this.  In other cases you would have to type, then copy and
> paste to get the benefit of this.
>
> Here's a link to another article about the current concerns of developers
> with sandboxing:
> iClarified article, "Mac App Store Sandbox Leaves Developers Frustrated"
> Tuesday, 26th June 2012:
> http://www.iclarified.com/entry/index.php?enid=22842
>
> HTH.  Cheers,
>
> Esther
> <--- Mac Access At Mac Access Dot Net --->
>
> To reply to this post, please address your message to
> mac-access@mac-access.net
>
> You can find an archive of all messages postedto the Mac-Access forum at
> either the list's own dedicated web archive:
> 
> or at the public Mail Archive:
> .
> Subscribe to the list's RSS feed from:
> 
>
> The Mac-Access mailing list is guaranteed malware, spyware, Trojan, virus

Sandboxing and the Mac App Store [was Re: a website for viewing apps that are no longer in the iTunes app store? Please?}

[Esther]

Hi Josh,

You wrote:
> Hi there. A couple questions. Will apps no longer in the app store
> still be available through macupdate.com? Secondly, what are
> sandboxing restrictions? Thanks!

Any apps that you've purchased from the MacApp Store will still be on your 
machine, and these will often be available from individual developer sites, and 
listed at MacUpdate.com  (The MacUpdate site really just aggregates information 
and links to current Mac applications.) 

At present you can get apps either independently through individual developers 
or by checking the Mac App store.  In many cases, an app can be found either 
way.  The advantage of the Mac App store is that it's a one-stop source, and 
you can also automatically update to new versions of the applications through a 
single interface.  The disadvantages are that you can't access time-limited 
trial downloads of apps -- that's because Apple won't let anyone sell an app 
from which they remove functionality at a later time without additional 
payment.  In some other cases, you can't access additional freeware software 
that the developer may refer you to without going to their web site.  An 
example here might be DVDRemaster Pro, which allows you to rip DVD's you own to 
movie files on disk, or rip just the audio sound tracks to files, or make 
copies of DVDs that you own.  To function on dvds with digital rights 
management (DRM), you either need to have the free VLC multimedia software (an
 other third party application) or else download the Fairmount software from 
the developer's site.   Because the Fairmount  software is not Metakine's own 
product, although they can legally point you to it for distribution copies, 
they can't bundle it with their DVDRemaster Pro software in the Mac App Store, 
and you have to go to their web site to get it. 

The issue with sandboxing is when programs can take control of the performance 
of other programs.  Restricting this provides extra security, in the event of 
malware, or even of unforeseen consequences of programming, and sandboxing 
means that programs can only control the local environment of their own 
program.  But it can also remove capabilities. Sarah gave one example with 
growl notifications.  Here's another, to show this can work both ways.  Many 
users like Rogue Amoeba's Audio Hijack Pro, which lets you record and redirect 
your audio streams in many ways, including capturing and recording audio from 
specific applications.  Four years ago, after a security update in Leopard (Mac 
OS X 10.5), Gordon (the list owner) asked whether anyone had lost the ability 
to do secure logins with SSH after the update.  I hadn't, but a quick web 
search turned up the answer that the Instant Hijack feature in Audio Hijack Pro 
was incorrectly written in a way that made programs like SSH fail
 .  (This had to do with moving the location that a program like SSH starts up 
in memory to a different place each time, to make it harder for an attacker to 
take control of your system.  Instant Hijack used the protocol, but managed to 
hose SSH behavior.)  This kind of dependency is a pain to troubleshoot.  
Fortunately, there were so many Audio Hijack users that it became evident that 
the problem was tied to that software, and the developer quickly came up with a 
fix.

So the tradeoff is between greater safety for the user experience vs. improved 
software capabilities when programs can control other programs.  In the case of 
TextExpander, you would no longer be able to type predefined custom snippets 
that would expand into anything you liked (such as your signature line, or just 
an easy way of typing a set of phrases or computer code.  Instead, it would 
have to work the way it does on the iPhone, where only applications that 
included the free TextExpander API in their code would let you do this.  In 
other cases you would have to type, then copy and paste to get the benefit of 
this.

Here's a link to another article about the current concerns of developers with 
sandboxing:
iClarified article, "Mac App Store Sandbox Leaves Developers Frustrated" 
Tuesday, 26th June 2012:
http://www.iclarified.com/entry/index.php?enid=22842

HTH.  Cheers,

Esther
<--- Mac Access At Mac Access Dot Net --->

To reply to this post, please address your message to mac-access@mac-access.net

You can find an archive of all messages postedto the Mac-Access forum at 
either the list's own dedicated web archive:

or at the public Mail Archive:
.
Subscribe to the list's RSS feed from:


The Mac-Access mailing list is guaranteed malware, spyware, Trojan, virus and 
worm-free!

Please remember to update your membership options periodically by visiting the 
list website at: