Linked by Thom Holwerda on Thu 3rd Nov 2011 22:54 UTC
Mac OS X
And so the iOS-ification of Mac OS X continues. Apple has just announced that all applications submitted to the Mac App Store have to use sandboxing by March 2012. While this has obvious security advantages, the concerns are numerous - especially since Apple's current sandboxing implementation and associated rules make a whole lot of applications impossible.
Comment by shmerl
by shmerl on Thu 3rd Nov 2011 23:06 UTC
shmerl
Member since:
2010-06-08

As usual, sandboxing Apple's profits from competing products, instead of protecting users from security threats.

Reply Score: 5

v Clarification
by bowkota on Thu 3rd Nov 2011 23:58 UTC in reply to "Comment by shmerl"
RE: Clarification
by Thom_Holwerda on Fri 4th Nov 2011 00:04 UTC in reply to "Clarification"
Thom_Holwerda Member since:
2005-06-29

Can you please update the article, it's misleading and misinformed.

The sandboxing requirement is not something new.
The initial deadline was November, it was pushed to March because apparently things aren't clear and some aren't ready.


You clearly didn't read my article. Please read before accusing me of things, okay?

Graçias.

Reply Score: 7

v RE[2]: Clarification
by bowkota on Fri 4th Nov 2011 00:11 UTC in reply to "RE: Clarification"
v RE[2]: Clarification
by sicofante on Fri 4th Nov 2011 00:33 UTC in reply to "RE: Clarification"
v RE[3]: Clarification
by jackeebleu on Fri 4th Nov 2011 01:32 UTC in reply to "RE[2]: Clarification"
RE[3]: Clarification
by wargum on Sun 6th Nov 2011 11:36 UTC in reply to "RE[2]: Clarification"
wargum Member since:
2006-12-15

Strongly disagree! If impersonated stupidity shouts in your face, you should be able to call it just that!

Reply Score: 2

RE[2]: Clarification
by ebasconp on Fri 4th Nov 2011 04:39 UTC in reply to "RE: Clarification"
ebasconp Member since:
2006-05-09

Graçias.


Just a comment; if what you wanted to say was "thanks" in Spanish, it is spelled "Gracias", with "c" instead of "ç". The "c con cedilla" ("ç") does not belong to the Spanish alphabet though "c" represents the same phonemes that "ç" when written with "e" or "i". In Spanish the "ç" has been substituted by "z" when used with a, o and u and by "c" when used with e and i.

Whatever, if you tried to say "thanks" in other language than Spanish, then forget my pedantic comment ;)

¡Gracias!

Reply Score: 8

RE[3]: Clarification
by Thom_Holwerda on Fri 4th Nov 2011 08:59 UTC in reply to "RE[2]: Clarification"
Thom_Holwerda Member since:
2005-06-29

Thanks for the clarification - I don't actually speak Spanish (I'm more Germanic-language oriented), so I don't know any of this stuff. I can understand French and Italian pretty well, but Spanish has always been way more difficult, for some reason ;) .

Reply Score: 1

I actually agree...
by thavith_osn on Thu 3rd Nov 2011 23:42 UTC
thavith_osn
Member since:
2005-07-11

...with Thom for a change.

This is not good news for most things. OS X as iOS makes sense in a lot of ways, but certainly not all ways.

I like the idea of buying an app that will run on any "iDevice", including the new TVs when they turn up, I like the idea of one set of tools and coding once for all things.

Sandboxing is great for a lot of apps, and not having the ability to talk to standard devices on your Mac is just plain dumb, security be damned. Having restrictions like that will play into the hands of the big time guys and make computing for the guys in the garages basically impossible (unless they are writing simple apps). Apple will soon stop us downloading apps to the OS without AppStore, sadly you can see it coming. MS will do the same. I was sure this wasn't the case, but now I believe it just might be, let's hope we are wrong.

I think a lot of "us" might start using Linux / BSD / {insert cool non restrictive OS here} a lot more.

iOS is great for "most of them", but not good for "most of us". I have an iPad 2 here that I basically never use. I know a lot of people who love them, but I'm certainly not one of them, OS X on a laptop kills it (presently).

Reply Score: 4

RE: I actually agree...
by Moredhas on Fri 4th Nov 2011 06:42 UTC in reply to "I actually agree..."
Moredhas Member since:
2008-04-10

Linux is kind of going to gain traction by default, now. Microsoft and Apple, at the consumer side, are making a concerted effort to turn their backs on the professional market. Sure, Microsoft might still keep their server offering vaguely professional, but who the hell is going to know how to use it, once Metro has vomited all over Windows' desktop versions? Pretty much the only reason Windows is considered "easy" to use is its ubiquity, and I'm sure that's all that keeps it in the server room, and in cubicles, too.

Professionals who want a UI that hasn't been butchered, and who want to run more than just what Apple and Microsoft let them, will turn to some form of Linux. This won't happen overnight, it may not even happen during Windows 8's shelf life, but I think the bile the two major players are forcing on us will turn more people to Linux.

Reply Score: 4

Mandatory App Store
by David on Fri 4th Nov 2011 00:55 UTC
David
Member since:
1997-10-01

I do not share your certainty that the App Store model will become the only method of installing software on Macs. I actually think it's more likely that the iOS ecosystem will end up with an unsupported jailbreak mode first (not that I think that's likely). The truth is, there's a reason why the PC spawned the computing revolution. The computing industry started out totally cowboy, where everyone had to write all their own software (1950s-70s). When PCs from various makers first started to come out, there was a flirtation with locking things down for the sake of making computing more accessible, such as PCs that used ROMs or cartridges for apps, and purpose-specific word processors that only supported one task. (1980s). Ultimately, people started getting more sophisticated and demanded more flexibility, and the marketplace met them halfway: even Apple embraced more freedom with what you could do with your computer. (3rd and 4th generation Macs were much more open than 1st generation ones). I think there's a decent chance the same cycle is repeating itself on the mobile front.

Apple may miss the party out of hubris and greed, and Microsoft may backslide because they never met a bad idea they didn't like, but I think that the freedom of a general-purpose PC, handheld or not, is too powerful to hold back. Personally, I think Apple will come around. A sandboxed App Store is a beautiful thing for people's grandmas and cubicle drones who would gladly install malware because it lets them make their cursor into a penis shape, and it has its value.

Reply Score: 5

RE: Mandatory App Store
by dsmogor on Fri 4th Nov 2011 08:16 UTC in reply to "Mandatory App Store"
dsmogor Member since:
2005-09-01

Looking at newest shell developments (KDE aside) they are already ahead of competition.
Of course you can always fire up xterm and feel right at home, but you can do it on OSX as well.

Reply Score: 2

RE: Mandatory App Store
by karunko on Fri 4th Nov 2011 09:25 UTC in reply to "Mandatory App Store"
karunko Member since:
2008-10-28

The truth is, there's a reason why the PC spawned the computing revolution.


But... but... but... I've been told Apple started the computer revolution?!? ;-)


RT.

Reply Score: 2

RE[2]: Mandatory App Store
by David on Fri 4th Nov 2011 15:35 UTC in reply to "RE: Mandatory App Store"
David Member since:
1997-10-01

I LOL'd at your response. But to give Apple's PR machine credit, I was using the term PC generically to mean Personal Computer, and the Apple ][ was right in there with the rest of them. Apple has always straddled the line between user freedom and a "just works" ethos that's sometimes anathema to user freedom. The Apple ][ was freer, then the Mac backslid, then later Macs were freer, then iOS was a backslide.

Reply Score: 1

RE: Mandatory App Store
by ZombieFish on Fri 4th Nov 2011 11:56 UTC in reply to "Mandatory App Store"
ZombieFish Member since:
2011-11-04

A sandboxed App Store is a beautiful thing for people's grandmas and cubicle drones who would gladly install malware because it lets them make their cursor into a penis shape, and it has its value.


And that, dear sir, is 99.99% of computer users. We tend to forget that.

Reply Score: 1

You can stop it
by Lorin on Fri 4th Nov 2011 02:19 UTC
Lorin
Member since:
2010-04-06

Try looking for or encouraging alternatives for applications, Google needs to learn that same lesson.

Reply Score: 0

Comment by benb320
by benb320 on Fri 4th Nov 2011 02:24 UTC
benb320
Member since:
2010-02-23

That's okay (just kidding about that) cause I'm gonna use the mac app store on the 12th of never anyway. How do any of you find lion? Is it much better? I didn't update because it doesn't really seem to be much improvement to me.

Reply Score: 1

RE: Comment by benb320
by karunko on Fri 4th Nov 2011 09:52 UTC in reply to "Comment by benb320"
karunko Member since:
2008-10-28

How do any of you find lion? Is it much better?

Downgraded to Snow Leopard on both my Macs after a week or so. Some things are firmly in the WTF camp but you can just ignore them (I'm looking at you, Launchpad); others are a bit more worrisome like tons of warnings in /var/log/system.log about deprecated functions -- from Apple's applications, no less!

But the real deal breaker for me is that Screen Sharing is completely broken unless you happen to use only Macs.

If the Mac has been freshly rebooted you can connect from any other OS with your VNC client of choice, but good luck after that. You just get the login screen, possibly with no user list or input field to type your password and, even when you do, the screen freezes before you can finish typing.

Of course you can close the connection and try again. And again. And again. If Screen Sharing doesn't lock altogether you might even get in. Eventually. And no, the problem is not the VNC clients, since they are working fine with Snow Leopard.

That said, I realize that this probably is not a big deal for people that are not working in a heterogeneous environment -- or that not everybody gets irritated by Lion "features" as easily as I do. In other words, the usual "your mileage may vary" disclaimer applies.


RT.

Reply Score: 4

No alternatives
by sb56637 on Fri 4th Nov 2011 02:24 UTC
sb56637
Member since:
2006-05-11

I agree that this will send a lot of users in search of greener pastures in Linux... only to run screaming back to Windows. If it's true that Apple doesn't respect power users and developers, it's even more true that OSS doesn't respect normal users. The instability and the plethora of arcane, hacky "fixes" for issues that never should have appeared in the final release of many Linux distros are every bit as annoying as the dumbing down of the Microsoft and Apple products. And that's assuming users can even manage to install Linux on top of their "Secure Boot" BIOS.

(By the way I am an 8 year user of Linux on the desktop almost exclusively. But frankly I'm not satisfied with the state of GNU/Linux or Microsoft or Apple at the moment.)

Reply Score: 3

v Linux is heading in the same direction
by tuaris on Fri 4th Nov 2011 02:43 UTC
stabbyjones Member since:
2008-04-15

"this will only have one outcome: more refugees towards Linux."

Unfortunately, Linux appears to be heading in the same direction with GNOME Shell but slower and less obvious.

What's wrong with developers lately?


how is gnome-shell in any way related to an app store?

Reply Score: 5

cyrilleberger Member since:
2006-02-01

gnome-shell eats kittens. like the app store.

Reply Score: 8

Hiev Member since:
2005-09-27

Then I eat kitties with sauce:

http://imagebin.org/182455

Reply Score: 2

Us poor apple users
by roverrobot on Fri 4th Nov 2011 02:46 UTC
roverrobot
Member since:
2006-07-23

My first reaction was laughing at Apple's childish decision of making everything they produce a toddler-proof toy. But then I realized that I am using a Mac to browse the article. Oh my!

Luckily Apple hasn't disabled third party installers yet. So I can still install most of the software I use. Unfortunately I have this bad feeling that the perverts at Apple will eventually take this precious ability away from us.

Reply Score: 4

Comment by Luminair
by Luminair on Fri 4th Nov 2011 04:16 UTC
Luminair
Member since:
2007-03-30

apple can see how far they get with their stranglehold. good for them. in the mean time, my favorite app stores remain cdrom.com and download.com and sourceforge.net

Reply Score: 5

As a life long Apple user
by Kivada on Fri 4th Nov 2011 05:42 UTC
Kivada
Member since:
2010-07-07

Going back to the IIe's, IIGS's, Mac SE's and Classics I can soundly say FUCK YOU APPLE!!!

I'm sticking with Linux and Haiku, just waiting on Mate Desktop PPA https://launchpad.net/~amanas/+archive/mate-desktop to be finished for Ubuntu Studio since XFCE is no substitute for Gnome2.

Reply Score: 2

Neolander
Member since:
2010-03-08

Most software does not need to go outside of a well-designed sandbox. Even complex stuff such as web browsers and IDEs can work fine within the boundaries of a sandbox.

The real problem here is that Apple, not the user, is in control of what gets allowed in the end. Which is ironical, given that mandatory software sandboxing puts the user back in control of what untrusted software does, and as such pretty much negates the need for such application stores.

Reply Score: 2

dsmogor Member since:
2005-09-01

Which kind of reveals true motives behind the decision.

Reply Score: 3

dsmogor Member since:
2005-09-01

With this decision they could as well subscribe to Google vision of combining HTML5, WEBGL and NACL to convert majority of apps to the WEB.
In sandboxed form they will not have much more abilities.

Reply Score: 3

Good move
by frderi on Fri 4th Nov 2011 08:03 UTC
frderi
Member since:
2011-06-17

I for one welcome the change. Apple is one of the only companies which can actually pull off having the majority of its desktop apps use sandboxing by default, making it a technology which actually benefits the user because it's being used instead of being an interesting concept ignored by almost everyone.

The PC world we have now is a very different place than what it was 20, 30 years ago. We used to have these puny standalone machines in front of us which could barely run one app at the same time, with little room on them to store any of our data. Back in those days, the personal computer was basically a glorified crossbred between a typewriter and a calculator. These days we have boxes filled with more system resources than most will ever use, and they're storing a ton of personal information, and are mostly available on a global network, the internet.

Yet the basic concept that applications use to run really hasn't changed all that much from the first computers. In all that time, the bottom line remained, when an app has certain privileges to execute, there's no telling what its doing on your machine.

As stated earlier, there's already been a tech around to fix it for quite some time now. It's just that in the world of an uncurated platform, developers tend to be lazy and take the easiest route to get things done. This is no longer possible with the Mac App Store, since it combines technical requirements with the ability to bring your applications to market in a digital way.

I'm not saying the rules for sandboxing applications in the Mac App Store are perfect. There more than probably are things that need further adjustments. We saw the same thing with the App Store for iOS devices. Some people cried foul when it launched, calling the approval process and the rules it tried to impose draconian. But really it turned out to be such a huge success, that others are copying this model. It made finding and installing software on your devices a breeze, and it strongly discourages piracy, which together with the low unit price of apps makes people much more inclined to buy software instead of copying it.

Apple was the first one to actually try and pull this off on such a big scale. On the App Store, they did well enough that both users and developers benefitted. I seriously doubt apps on the iOS platform would have been such a huge deal if it weren't for the App Store. I'd say give them some credit for actually trying to make this change for the better happen. Nothing is ever perfect from the first round to go, that's why we humans developed reason, to be able to communicate any concerns one may have with another, and when it makes sense, I'm sure the policies will change. The App Store policies changed as well to facilitate things it didn't anticipate, so I'm certain the same is the case with the Mac App Store.

Edited 2011-11-04 08:05 UTC

Reply Score: 1

RE: Good move
by karunko on Fri 4th Nov 2011 11:27 UTC in reply to "Good move"
karunko Member since:
2008-10-28

I for one welcome the change. Apple is one of the only companies which can actually pull off having the majority of its desktop apps use sandboxing by default, making it a technology which actually benefits the user because it's being used instead of being an interesting concept ignored by almost everyone.

Deep down inside I would like to retort with something along the lines of "if you're too stupid to use a computer you probably shouldn't be allowed to use one", but that wouldn't get me very far, so I'll try with some good old fashioned reasoning instead. ;-)

Looking at the list of "entitlements" in Pauli's article it should be obvious that there are plenty of perfectly legit, non trivial applications that need way more than that, so what's a developer to do? And no, the "sell your application on your own as you did before" argument doesn't cut it: either the App Store is really important and you'd be a fool not to be there, or it isn't -- but then all the people waxing lyrical about the importance of the App Store should eat their own words and go hide under a rock.

But wait, there's more: these "entitlements" are not automatic. That is, that list is not just a list of what an application can do, a developer must still "convince" Apple that his application really needs to, say, interact with a USB device or connect to a remote server. Simply put: even more power to the reviewers and plenty of uncertainty for the developer -- and let's not forget that when it comes to the App Store(s) neither transparency nor consistency have a stellar record.

In other words, it could be said that this is the same old excuse that we're being offered each time we're presented with a large, bitter pill to swallow: it's for the children! it's for your own protection! it's for the common good! and so on. This is supposed to look reasonable and even "good" on the surface, but when you start thinking about the implications, or about that bit of freedom (no matter how tiny) that you are going to give up for a bit more "safety" in return, you better ask yourself: is it really worth it?

For my part, I will continue to avoid the App Store as much as I can and if a day will come when the only applications that can be installed are those sanctioned by Apple, I'll just sell my Macs and move somewhere else.


RT.

Edited 2011-11-04 11:36 UTC

Reply Score: 6
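
Added example, not part of the thread and not Apple's own tooling: a small audit of an App Sandbox entitlements file, showing what the per-capability requests discussed above (USB device access, outgoing network connections) look like on disk and how a reviewer could list them. The entitlement keys are Apple's documented App Sandbox keys; the sample plist, the `ExampleApp` path and the function names are constructed for illustration.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."

# A subset of Apple's documented App Sandbox entitlement keys and what each grants.
KNOWN_ENTITLEMENTS = {
    "com.apple.security.network.client": "outgoing network connections",
    "com.apple.security.network.server": "incoming network connections",
    "com.apple.security.device.usb": "USB device access",
    "com.apple.security.files.user-selected.read-only": "read files the user picks",
    "com.apple.security.files.user-selected.read-write": "read/write files the user picks",
    "com.apple.security.print": "printing",
}

# Constructed sample entitlements file for a hypothetical "ExampleApp".
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.network.server</key><false/>
  <key>com.apple.security.device.usb</key><true/>
  <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
  <array><string>/Library/Application Support/ExampleApp/</string></array>
</dict>
</plist>
"""


def audit_entitlements(plist_bytes):
    """Classify every entitlement an app requests.

    Returns a dict with:
      sandboxed    - True only if the sandbox key is present and true
      granted      - recognised capability keys that are switched on
      exceptions   - temporary-exception keys (holes punched in the sandbox)
      unrecognised - requested keys this script has no description for
    """
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a dictionary at top level")

    report = {
        "sandboxed": entitlements.get(SANDBOX_KEY) is True,
        "granted": [],
        "exceptions": [],
        "unrecognised": [],
    }
    for key in sorted(entitlements):
        value = entitlements[key]
        # A false boolean or an empty array requests nothing.
        if key == SANDBOX_KEY or not value:
            continue
        if key.startswith(TEMP_EXCEPTION_PREFIX):
            report["exceptions"].append(key)
        elif key in KNOWN_ENTITLEMENTS:
            report["granted"].append(key)
        else:
            report["unrecognised"].append(key)
    return report


def format_report(report):
    """Render the audit as text lines for a reviewer."""
    lines = ["sandbox enabled: " + ("yes" if report["sandboxed"] else "NO")]
    for key in report["granted"]:
        lines.append("  grants: " + KNOWN_ENTITLEMENTS[key])
    for key in report["exceptions"]:
        lines.append("  temporary exception (needs justification): " + key)
    for key in report["unrecognised"]:
        lines.append("  unrecognised entitlement: " + key)
    return lines


if __name__ == "__main__":
    for line in format_report(audit_entitlements(SAMPLE_ENTITLEMENTS)):
        print(line)
```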

RE[2]: Good move
by frderi on Fri 4th Nov 2011 18:51 UTC in reply to "RE: Good move"
frderi Member since:
2011-06-17


either the App Store is really important and you'd be a fool not to be there, or it isn't


I think the Mac App Store is especially a big deal for the consumer market. For corporations deploying apps there are better tools available. They typically use prepared system images, app server services, ASR or some other deployment tools to roll out applications.

Having both instead of either/or does not need to be problematic : The ISO you use from a corporate vendor probably won't be the issue when you're installing your legitimate pro apps. The biggest danger in getting uninvited guests on your system is mostly in small, unknown tools which you happen to need "on the fly" and you download off the internet. To this the Mac App Store offers a safe alternative to uncurated sites. So both can complement each other.


In other words, it could be said that this is the same old excuse that we're being offered each time we're presented with a large, bitter pill to swallow: it's for the children! it's for your own protection! it's for the common good!


I generally prefer "For the advancement and greater good for humanity". Get over it and enjoy the new world.


thinking about the implications, or about that bit of freedom (no matter how tiny) that you are going to give up for a bit more "safety" in return, you better ask yourself: is it really worth it?


I think there's enough empirical evidence to say there is, seeing as to how popular non curated systems get infected by filth like keyloggers, spyware, and botnets so easily.

One has to think about which freedom one prefers. The freedom to be able to tinker with your device until infinity, or the freedom to have a device which works predictably so it does the job you're set up to do. Apple has always been about the latter.

Edited 2011-11-04 18:57 UTC

Reply Score: 0

RE: Good move
by JAlexoid on Fri 4th Nov 2011 16:00 UTC in reply to "Good move"
JAlexoid Member since:
2009-05-19

Apple was the first one to actually try and pull this off on such a big scale. On the App Store, they did well enough that both users and developers benefitted. I seriously doubt apps on the iOS platform would have been such a huge deal if it weren't for the App Store. I'd say give them some credit for actually trying to make this change for the better happen.

iOS AppStore was a new thing. There was no "big scale" or "change" anything. This is a major change to an existing software delivery process.
They may be able to fine tune it to have it work as well as iOS, but this will have a lot more veteran MacOS developers up in arms.

Reply Score: 3

v RE[2]: Good move
by frderi on Fri 4th Nov 2011 18:27 UTC in reply to "RE: Good move"
RE[3]: Good move
by Thom_Holwerda on Fri 4th Nov 2011 18:40 UTC in reply to "RE[2]: Good move"
Thom_Holwerda Member since:
2005-06-29

Other mobile platforms before it didn't have App Stores


Really? My Sharp Zaurus PDAs beg to differ. The Sidekick from Danger begs to differ.

Revisionist history much?

Reply Score: 5

v RE[4]: Good move
by frderi on Fri 4th Nov 2011 19:33 UTC in reply to "RE[3]: Good move"
RE[3]: Good move
by JAlexoid on Fri 4th Nov 2011 23:29 UTC in reply to "RE[2]: Good move"
JAlexoid Member since:
2009-05-19

Sure there was.

There was a commonly used iOS app store before that AppStore arrived on the iOS scene? Now that is big news to me...

gaping holes leave a space for newer, more modern apps to spring up, apps that wouldn't have seen the light of day if the legacy app using obsolete code still was around.

And that would be the case if these restrictions would add something beneficial, like the move from Carbon to Cocoa. However, this move is ill thought-out and brings only new restrictions not functionality (as it stands today).

Reply Score: 2

RE: Good move
by Neolander on Fri 4th Nov 2011 17:44 UTC in reply to "Good move"
Neolander Member since:
2010-03-08

You raise some interesting points.

First, I agree with you that it's difficult for a legacy operating system to make application sandboxing mandatory. Some compatibility will be broken, sooner or later. However, OS vendor control on applications is not the only way to do that. You can also do it the Microsoft way, by pushing an OS release that breaks compatibility, but is advantageous in other ways, like Windows x64 breaks DOS compatibility. At some point, everyone will use the new release, although it can take some time.

Reply Score: 2

RE[2]: Good move
by frderi on Fri 4th Nov 2011 19:26 UTC in reply to "RE: Good move"
frderi Member since:
2011-06-17

First, I agree with you that it's difficult for a legacy operating system to make application sandboxing mandatory. Some compatibility will be broken, sooner or later. However, OS vendor control on applications is not the only way to do that. You can also do it the Microsoft way, by pushing an OS release that breaks compatibility, but is advantageous in other ways, like Windows x64 breaks DOS compatibility. At some point, everyone will use the new release, although it can take some time.


True, but name me one digital protection scheme which hasn't been compromised. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD Copy protection, Blu-Ray, SSL Certificates are all living proof of this.


Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control.


To what benefit? Android leads the pack by far in terms of mobile OS exploits.


Third, you state that vendor-controlled application stores make it easier to find and install software.


It makes it far easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system.


word of mouth remains the main way of discovering new software with or without app stores.


For a couple of apps, yes. For many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial. And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator, you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google.

As for installation itself, it is made easy not by the use of app stores themselves, but by the standard application packages they use. You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal means of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy).


I think uncurated payment over the internet is currently not without its quirks, they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor, vendor-provided payment systems might not be up to par to security precautions and are more prone to be compromised and their information harvested, or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business. The Mac App Store eliminates all these. It offers a streamlined and predictable purchase and install process that is not available at this level on other software aggregators on the internet.

Edited 2011-11-04 19:35 UTC

Reply Score: 1

RE[3]: Good move
by Neolander on Fri 4th Nov 2011 21:08 UTC in reply to "RE[2]: Good move"
Neolander Member since:
2010-03-08

True, but name me one digital protection scheme which hasn't been compromised. Whenever there's software, there's bugs, and whenever there's bugs, there's exploits. DVD Copy protection, Blu-Ray, SSL Certificates are all living proof of this.

I'd argue that DVD and Blu-Ray encryptions are broken by design, like many other forms of DRM, because they rely on distributing a "secret" copy of the decryption key with every single device and software that can playback them. In such circumstances, it is obvious that the decryption key will be leaked by someone at some point.

SSL Certificates have a bit of this "secret known by a large crowd" problem too : in an organization that is large enough to validate hundreds of websites a day, can people really guarantee that no employee will ever go rogue and use his certification authority for nefarious purposes ? Come on...

To the best of my knowledge, there is no such known flaw with the design of sandboxing in itself. What requires extreme care is the default permission set which every software gets, because it cannot be easily changed after a release. But pretty much every other kind of flaw can be fixed with OS updates without any loss of compatibility among API-compliant software.

"Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control."

To what benefit? Android leads the pack by far in terms of mobile OS exploits.

This is why I'm talking about the quality of the implementation. On Android, the default sandbox settings are very restrictive, so that pretty much every application requires special security permissions, needs to get out of the sandbox. As a consequence of that, the dialog used to confirm those permissions is very subtle and frequent, and as such few users bother checking it.

Then there are exploits which avoid the sandbox altogether. Those rely on the fact that system components, which are most likely to be exploited, are not sandboxed properly themselves. I don't know Android well enough to tell what kind of vulnerability it has, but on iOS there was a vulnerability that allowed root access to iDevices by opening a specially crafted PDF file. My question is : why is the PDF reader able to get root access to the device at all ? With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick.

"Third, you state that vendor-controlled application stores make it easier to find and install software."

It makes it far easier for the bulk of the non-tech users to find their software, since the Mac App Store is installed and available by default on the system.

Fair point, but doesn't this argument also hold for other repository systems where you can freely add other software sources to your OS beyond the vendor-provided one ?

"word of mouth remains the main way of discovering new software with or without app stores."

For a couple of apps, yes. For many others, no. If you're a heavy user of a certain productivity suite to do the grunt of your work, the chance is big you already know the app you're going to install. But there generally won't be many of these apps sitting on your system. For most of the smaller utilities, where you are looking for a solution for a functionality you are missing, a centralized system which lists the available software is more beneficial.

It will also put you in front of heaps of thousands of different software to do the same thing, with no quick way of deciding what works best for your purposes except for relatively flawed indicators such as "featured" or "frequently downloaded" (also known as "popular" in some circles).

So since exploring everything and making informed choices is not envisionable for most people in such centralized systems, you end up relying on others (magazines, websites, relatives...) to do the work for you. Which is why I say that word of mouth remains the #1 way of finding software even in big centralized software libraries.

And often times, one gets to know newer, better alternatives when searching apps on a big app aggregator, you wouldn't have had the same convenient list of available applications with just a few keystrokes while using search engines like Google.

This is the positive side of things. The negative side of things is that if there's a lot of choice you'll end up going through a lot of uninteresting garbage (for you !) before finding what you're looking for.

As an aside, I rarely use Google or iterative repository exploration to choose software myself. I only do that for stuff which I'm not deeply interested in. For stuff which I care more about, I try to find a good website/magazine/book/specialist on that matter and to follow its advice. But you may argue that I'm not part of "non-tech users", and as such may work differently.

"You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal mean of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy)."

I think uncurated payment over the internet is currently not without its quirks, they're a mixed bag in terms of user experience at best. There might be delays between the purchase and the availability of the application to the end user because of limited resources in purchase processing at the application vendor,

Fair point. Centralization does allow for some performance optimization.

vendor-provided payment systems might not be up to par to security precautions and are more prone to be compromised and their information harvested,

Which is why I'm a PayPal advocate : the transaction is managed by a large third party which is specialized in managing online transactions and as such can take the right decisions as far as security is concerned.

Now, you may argue that it is the same thing with Apple. Yet there is a difference. Apple are the developers of Mac OS and own many large software on the Mac platform, they are not a neutral third-party when it comes to taking decisions about what software gets allowed on their platform. PayPal are only a banker, and as such don't give a damn about what transactions they process as long as it financially benefits their business (which is largely unrelated to desktop/mobile software). Also, Paypal don't want the bad PR of banning important customers unless they really can't avoid doing otherwise, while Apple are crazy enough to do it anyway ("Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!").

or worst of all, the vendor might not deliver on the goods at all, because of scam schemes or because they just went out of business.

Vendors only get out of business once, and it takes a finite and short time to do that, so I believe this is a relatively minor concern. About scam, when you buy something on Apple's App Stores, you have to make a purchase decision based on a description that has been written by the software's vendor. If it's incorrect, I don't know if you can get a refund from Apple, but PayPal do have a refund policy when the vendor doesn't provide the expected good.

Edited 2011-11-04 21:15 UTC

Reply Score: 2

RE[4]: Good move
by frderi on Sat 5th Nov 2011 00:53 UTC in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17

I'd argue that DVD and Blu-Ray encryptions are broken by design, like many other forms of DRM, because they rely on distributing a "secret" copy of the decryption key with every single device and software that can playback them. In such circumstances, it is obvious that the decryption key will be leaked by someone at some point.


The biggest problem when it comes to security is software bugs. The bulk of exploits are based on the fact that there's a bug in the software that facilitates buffer overruns which allows one to execute code. The only way of making sure your system isn't compromised is to unplug it from the network and write the software it runs yourself. However, this doesn't tend to be a desirable use case these days. :-) Bottom line : Everything which is software is breakable. The point with running sensible security measurements is that you need to minimize the risks as much as possible.


To the best of my knowledge, there is no such known flaw with the design of sandboxing in itself.


As with any software implementation, it's bound to have bugs and thus it's exploitable. If the zero-day bug gets discovered by someone looking for them who has ill intentions, most of the time this information just gets sold in black markets online and it ends up in the hands of malware writers which exploit them in their code.

My question is : why is the PDF reader able to get root access to the device at all ?


Point is it doesn't have to be exploitable, a bug which allows for improper code execution is enough.


With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick.


Not necessarily. If memory is written outside the application's heap, it's more than likely to have full access to the system allowing the malicious code (not the app itself) for anything it wants to do.


Fair point, but doesn't this argument also hold for other repository systems where you can freely add other software sources to your OS beyond the vendor-provided one ?


Sure it does, and in the desktop space, there's been quite a few of them : tucows, download.com, versiontracker and macupdate are just a few. But these are merely aggregators not App Stores. They offer no guarantee of the purchase process and in most cases even about the availability of the listed application.



It will also put you in front of heaps of thousands of different software to do the same thing, with no quick way of deciding what works best for your purposes except for relatively flawed indicators such as "featured" or "frequently downloaded" (also known as "popular" in some circles).


Not if you know what functionality you're looking for. You might search for an unrar app, a VNC client, an RSS Reader, … Doing those searches conveniently pops up a list of all available apps allowing you to pick the one with the functionality and price point you find appropriate for your needs.


So since exploring everything and making informed choices is not envisionable for most people in such centralized systems, you end up relying on others (magazines, websites, relatives...) to do the work for you. Which is why I say that word of mouth remains the #1 way of finding software even in big centralized software libraries.


You're more likely being served in a better way if you just consult the app ratings and read the user reviews in the App Store. Why wait 2 months for a published magazine to pick up a newly released app? This used to be my methodology of working in the past, but now we're talking about the nineties, when broadband wasn't among us yet and magazines with CD-ROMs were still a huge deal.


This is the positive side of things. The negative side of things is that if there's a lot of choice you'll end up going through a lot of uninteresting garbage (for you !) before finding what you're looking for.


You browse through the list, you look at the user ratings, reading the reviews and description, and look at the screenshots. I don't see much difference in the selecting process. When you like something it's a quick trip to the buy button and you have it working. Instant gratification. The barrier can't get much lower than this.

Reply Score: 1

RE[5]: Good move
by Neolander on Sat 5th Nov 2011 09:13 UTC in reply to "RE[4]: Good move"
Neolander Member since:
2010-03-08

The biggest problem when it comes to security is software bugs. The bulk of exploits are based on the fact that there's a bug in the software that facilitates buffer overruns which allows one to execute code.

As far as I know, buffer overruns are not a fatality, and protections exist against them : read-only code and canaries at the CPU level, fixed-length buffers at the API level... But I agree with your general point that every software implementation is breakable, which is why careful testing of critical code and regular updates are so important.

"My question is : why is the PDF reader able to get root access to the device at all ?"

Point is it doesn't have to be exploitable, a bug which allows for improper code execution is enough.

"With proper sandboxing, an exploit in the PDF reader would only allow a cracker to have a look at the PDF reader's private data, which is a much, much less interesting trick."

Not necessarily. If memory is written outside the application's heap, it's more than likely to have full access to the system allowing the malicious code (not the app itself) for anything it wants to do.

Wait a minute...

On x86 CPUs, and I'm pretty sure it's the case on ARM too, there's a MMU and memory protection. When this feature is used to implement processes, the net result is that every software lives in a "private" chunk of RAM, and only communicates with other software through controlled communication channels.

So if a given software runs amok, it should only run amok within the boundaries of what it's allowed to do. Am I correct ?

Sure it does, and in the desktop space, there's been quite a few of them : tucows, download.com, versiontracker and macupdate are just a few. But these are merely aggregators not App Stores. They offer no guarantee of the purchase process and in most cases even about the availability of the listed application.

Not if you know what functionality you're looking for. You might search for an unrar app, a VNC client, an RSS Reader, … Doing those searches conveniently pops up a list of all available apps allowing you to pick the one with the functionality and price point you find appropriate for your needs.

Fair point : there is a trade-off between general usage convenience and decentralization. A centralized system gives an unreasonable amount of power to the repository owner, but also means centralized knowledge about software availability.

You're more likely being served in a better way if you just consult the app ratings and read the user reviews in the App Store.

Ratings and reviews are a mixed bag, in my experience. Sometimes they work, sometimes they don't.

Let's talk about ratings, first. While it is very easy to give binary ratings to stuff which you feel is excellent or extremely bad, it is much harder to express mixed feelings in a rating, and if a large number of people do it the information is likely to be averaged away. Typically, I take a rating that is less than "perfect" as a warning, but it doesn't give me much more information without an attached written review.

As for reviews themselves, when you're dealing with a small and informed user base, such as on some computer hardware websites, they can be very helpful. But when the user base grows, there is a growing number of parasites who post poor-quality reviews, or stuff which does not even qualify as a review (the "I have a big dick" or "First" variety of comments). On frequently reviewed software, the noise often ends up erasing the insightful information, unless you're ready to go through 4 pages of comments to get an idea about each piece of software.

To fight this tendency, some websites which use ratings and reviews, like Amazon, have a way for users to say "this review is insightful" or "this review did not help", which in my experience works quite well. But I don't think Apple have this in their stores.

Why wait 2 months for a published magazine to pick up a newly released app? This used to be my methodology of working in the past, but now we're talking about the nineties, when broadband wasn't among us yet and magazines with CD-ROMs were still a huge deal.

This is why I also mentioned websites and relatives, which in the Internet age are sure much faster than magazines ;) Magazines still have their use though, as they can provide higher-quality reviews than other solutions for "big" software which doesn't change a lot in time such as office suites, image and video editors, CAD tools...

You browse through the list, you look at the user ratings, reading the reviews and description, and look at the screenshots. I don't see much difference in the selecting process. When you like something it's a quick trip to the buy button and you have it working. Instant gratification. The barrier can't get much lower than this.

Again, you're right that centralization does have its good sides, including convenience for everyday use.

Reply Score: 2
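The memory-protection point in the comment above (each process lives in a private chunk of RAM) can be checked directly on a POSIX system. This is an added example, not part of the thread; the function names and the temp-file path are assumptions. It also shows where that protection stops: the child can still write any file its user can, which is the kind of access a sandbox narrows.

```c
/* Added example (not from the thread): what the MMU isolates and what it does not. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS and mkstemp under strict -std modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static char parent_secret[16] = "parent-data";

/* Run fn(arg) in a forked child; return the child's wait status, or -1 on error. */
static int run_in_child(void (*fn)(const char *), const char *arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(arg); _exit(0); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

/* Overwrite a global that sits at the same virtual address in parent and child. */
static void scribble_on_global(const char *unused)
{
    (void)unused;
    memset(parent_secret, 'X', sizeof parent_secret - 1);
}

/* Write to a page the kernel mapped read-only; the MMU raises a fault. */
static void write_readonly_page(const char *unused)
{
    (void)unused;
    long pagesz = sysconf(_SC_PAGESIZE);
    volatile char *page = mmap(NULL, (size_t)pagesz, PROT_READ,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) _exit(2);
    page[0] = 'A';
}

/* Ordinary file access: nothing in memory protection stops this. */
static void write_file(const char *path)
{
    FILE *f = fopen(path, "w");
    if (!f) _exit(2);
    fputs("child-was-here", f);
    fclose(f);
}

/* 1 if the parent's copy of the global is intact after the child trashed its own. */
int parent_memory_untouched(void)
{
    int status = run_in_child(scribble_on_global, NULL);
    if (status < 0 || !WIFEXITED(status)) return -1;
    return strcmp(parent_secret, "parent-data") == 0;
}

/* 1 if the forbidden write killed the child (SIGSEGV, or SIGBUS on some systems). */
int bad_write_kills_only_child(void)
{
    int status = run_in_child(write_readonly_page, NULL);
    if (status < 0) return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

/* 1 if a file written by the child is readable by the parent afterwards. */
int child_file_write_visible(void)
{
    char path[] = "/tmp/isolation-demo-XXXXXX";   /* constructed sample path */
    char buf[32] = {0};
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int status = run_in_child(write_file, path);
    FILE *f = fopen(path, "r");
    if (f) {
        if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
        fclose(f);
    }
    unlink(path);
    if (status < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return strcmp(buf, "child-was-here") == 0;
}

int main(void)
{
    printf("parent memory untouched:    %d\n", parent_memory_untouched());
    printf("bad write kills only child: %d\n", bad_write_kills_only_child());
    printf("child file write visible:   %d\n", child_file_write_visible());
    return 0;
}
```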

RE[4]: Good move
by frderi on Sat 5th Nov 2011 00:54 UTC in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17


You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal mean of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy). Which is why I'm a PayPal advocate : the transaction is managed by a large third party which is specialized in managing online transactions and as such can take the right decisions as far as security is concerned.


Paypal is also a lot more complex and it doesn't offer you the guarantee that the vendor is genuine. The Mac App Store is all about one-click purchasing to make the purchase experience as simple as possible.


Now, you may argue that it is the same thing with Apple. Yet there is a difference. Apple are the developers of Mac OS and own many large software on the Mac platform, they are not a neutral third-party when it comes to taking decisions about what software gets allowed on their platform.


If you know a bit about Apple as a company, you know that Apple makes money off its hardware. They're a product company, selling solutions to customers, but when it comes to making money, it's the devices, the hardware that makes the money, not the software. The software is a unique selling point for their hardware. Which is the main reason they do low-cost software and bundle entry level apps for free and ship low cost upgrades unlike companies which view themselves as software companies and try to maximize profits on their software products.

Granted, they did several pro apps as well, but if you know what happened behind the scenes of these products and how Apple ended up with them, it's more that Apple rolled into them than anything else. Apple never planned to do Final Cut Pro. It was a project at Macromedia from the creator of Premiere before Macromedia refocused on serving the internet application space and ended up merging with Adobe. Apple took it off Macromedia's hands because they knew it was a good product, they wanted it on their platform badly in order to ensure hardware sales, but nobody was interested in bringing Final Cut to market for their platform. They tried selling it for two years after they bought it, but still nobody was interested. They eventually just kept it and sold it themselves at a reduced price because of the positive effects it would have on their hardware sales.

Apple aren't all that interested in competing with their app providers just for the sake of getting more software sales. There's no money (and gain) for Apple to do all the software for their platform. It's not what they're about. Apple chooses to do a few products as well as they can and ignore the rest so total software domination does not fit in this vision. They tend to do entry level consumer apps to provide entry level solutions to their customers, and are happy to leave the pro stuff to others. Suites like iWork basically is AppleWorks for the 21st century, an entry level app. As a testament to this, Apple never did a fully fledged productivity suite for their platform, unlike some of their competitors like Sun or Microsoft did.


"Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!").


You can always consult the CD-ROMs of magazines for apps which display prehistoric women with breasts… Oh wait. :-)


Vendors only get out of business once, and it takes a finite and short time to do that, so I believe this is a relatively minor concern.


I was only giving some examples, big and small, to illustrate my argument that everything else is a mixed bag and what makes a centralised purchase store better.

Reply Score: 1

RE[5]: Good move
by Neolander on Sat 5th Nov 2011 12:20 UTC in reply to "RE[4]: Good move"
Neolander Member since:
2010-03-08

Paypal is also a lot more complex

A bit, sure, but a lot ?

Billing with a typical app store : Click buy, enter password, payment done.
Billing with paypal : Click buy, check that you are actually on paypal and that the bill is correct, enter password, payment done.

The extra visual scan is pretty quick.

What I agree is more uncertain is what happens after payment, the part which does not depend on Paypal themselves. Some vendors redirect you to a download link, some vendors send you an e-mail, some vendors manually check incoming orders... This would benefit from a bit of uniformization. But nothing there which user experience guidelines and vendor-provided software distribution tools couldn't fix.

and it doesn't offer you the guarantee that the vendor is genuine.

What do you mean by that ? If I see a nice RSS reader on the Mac App Store, download it, run it, and it turns out that it's actually a basic program which displays a silly picture of a cat with subtext "you got owned !", what is the difference ?

The Mac App Store is all about one-click purchasing to make the purchase experience as simple as possible.

It is a given that purchases are simpler, what I'm wondering about is if it's worth the cost of putting a single entity in control of anything a computer may run.

When I see Apple banning the Wikileaks app from un-jailbroken iOS, Google forcefully removing apps from users' devices from a distance, or Apple remotely bricking iPhone prototypes... I believe that the amount of control which we let others have on cellphones is scary. Current mobile OSs are an evil dictator's dream toy, is that really the future we want on every computer in the long run ?

If you know a bit about Apple as a company, you know that Apple makes money off its hardware. They're a product company, selling solutions to customers, but when it comes to making money, it's the devices, the hardware that makes the money, not the software. The software is a unique selling point for their hardware. Which is the main reason they do low-cost software and bundle entry level apps for free and ship low cost upgrades unlike companies which view themselves as software companies and try to maximize profits on their software products. (...)

I think that Apple may be biased about which software they choose to allow on their platform even if they do not write competing software.

As an example, non-tech users' vision of hardware is affected by the software that runs on it. So if some iPhones or Mac are known to run questionable software, it may affect people's decision to buy or not buy this hardware. Therefore, Apple may be tempted to allow or disallow the existence of some software on their platform, depending on what they believe will maximize sales. And I guess this is what they do when they play morality guardians and ban stuff that contains nudity or illegal material on their own free will.

I don't think this is a sane behavior. It is fine for an OS vendor to advise for and against specific software, but not to ban stuff altogether from people's sight as happens on iOS and may happen on Mac OS at some point. For a flawed real-world analogy, I would understand that my favorite book shop does not have a book I like on its shelves, but if the owner refused taking orders of books she doesn't like, I'd find another book shop.

Maybe others would disagree with that though.

""Zomg ! Images of prehistoric women WITH BREASTS ??? BURN !!!")."

You can always consult the CD-ROMs of magazines for apps which display prehistoric women with breasts… Oh wait. :-)

Well, wasn't the point of these magazine apps to introduce on-device content that is updated from the web on the fly instead of going through this kind of bulky procedures ? ;)

Reply Score: 2

RE[3]: Good move
by JAlexoid on Fri 4th Nov 2011 23:35 UTC in reply to "RE[2]: Good move"
JAlexoid Member since:
2009-05-19

To what benefit? Android leads the pack by far in terms of mobile OS exploits.


Since most Android exploits are actually social engineering exploits*, not technical ones, iPhone leads in phishing exploits by a wide margin.
On the technical exploits side iOS and Android are on equal footing.

* - the ones that you are counting.

Reply Score: 2

RE[4]: Good move
by frderi on Sat 5th Nov 2011 01:00 UTC in reply to "RE[3]: Good move"
frderi Member since:
2011-06-17


Since most Android exploits are actually social engineering exploits*, not technical ones, iPhone leads in phishing exploits by a wide margin.
On the technical exploits side iOS and Android are on equal footing.


I don't know under which rock you have been hiding, you might want to read up on this to review your opinion.

http://reviews.cnet.com/8301-19512_7-20096832-233/android-malware-u...

http://www.phonearena.com/news/Android-security-issues-soaring-warn...

http://www.computerweekly.com/Articles/2011/10/28/248306/Android-no...

Reply Score: 1

RE[5]: Good move
by JAlexoid on Sat 5th Nov 2011 16:05 UTC in reply to "RE[4]: Good move"
JAlexoid Member since:
2009-05-19

Are you having issues at understanding the word "technical"? Or are you the type of person that thinks that all malware is based on technical exploits?

PS: You might have had issues with that rock over your head also http://downloadsquad.switched.com/2011/01/07/iphone-users-most-vuln...

PPS: Not a single link that you provide lists a single bug. While I can list at least 2 vulnerabilities (1 remote and 1 local) in Android and 2 remote code execution vulnerabilities in iOS.

Edited 2011-11-05 16:09 UTC

Reply Score: 2

RE: Good move
by Neolander on Fri 4th Nov 2011 18:03 UTC in reply to "Good move"
Neolander Member since:
2010-03-08

Second, although the implementation is more than perfectible, Android showcases that sandboxing can be introduced on a new OS without draconian OS vendor control.

Third, you state that vendor-controlled application stores make it easier to find and install software. I believe this is quite a suspicious statement. Finding good software in huge repositories is actually quite long and difficult, and word of mouth remains the main way of discovering new software with or without app stores. As for installation itself, it is made easy not by the use of app stores themselves, but by the standard application packages they use. You are right that application stores are better for paying applications, though, but I don't know up to which point (PayPal is a universal mean of buying software on the internet, and software can use the same kind of DRMs as app stores to reduce piracy).

Reply Score: 3

RE: Good move
by Neolander on Fri 4th Nov 2011 18:10 UTC in reply to "Good move"
Neolander Member since:
2010-03-08

Finally, as for iOS owing its success to its App Store, I'm again quite skeptical. The first iPhone sold extremely well without having it, and Unix repositories, which are extremely close ancestors, have never allowed the Linux desktop to get a strong foothold outside of the corporate world, so I'm not sure there is a clear-cut relationship between both.

Reply Score: 1

non-biased article here
by kovacm on Fri 4th Nov 2011 08:55 UTC
kovacm
Member since:
2010-12-16
RE: non-biased article here
by NathanHill on Fri 4th Nov 2011 14:23 UTC in reply to "non-biased article here"
NathanHill Member since:
2006-10-06

I appreciated this link.

Again, my only advice to Thom on this article would be to include other opinions, if there are any. The link above indicates that great Mac developers like Agile (makers of the uber cool 1Password) are cool with sandboxing, even if it does mean some trade offs.

I would have appreciated more context on what sandboxing is, how many other operating systems use it, etc..

It seems to me that Apple won't disapprove of an ftp application, because accessing a remote server is within its basic functionality.

On the other hand, if I submit a JPG to PNG converter utility and it needs to access a remote server every time it starts up, probably a poorly designed program and a security risk. Is that the idea behind sandboxing? Or is it more about keeping apps within their own boundaries to minimize bugs and other issues?

Reply Score: 2

RE[3]: non-biased article here
by openwookie on Sun 6th Nov 2011 01:45 UTC in reply to "RE[2]: non-biased article here"
openwookie Member since:
2006-04-25

Meh, displaying bias to ramp up outrage generates more page views.

Apple bashing is a sport around here.

Reply Score: 2

RE: non-biased article here
by JAlexoid on Fri 4th Nov 2011 16:03 UTC in reply to "non-biased article here"
JAlexoid Member since:
2009-05-19

It's covertly biased against the changes. Don't even think it's not biased.

Reply Score: 2

Comment by MOS6510
by MOS6510 on Fri 4th Nov 2011 12:55 UTC
MOS6510
Member since:
2011-05-12

I can understand Apple taking this route. As users download stuff from the Apple owned app store Apple doesn't want them to download any malware and have it become their problem too.

Most apps probably will have no problem living in a sandbox and it's more secure for the user's system.

But I would mind if the app store became the only way to install software.

Reply Score: 3

double edged sword
by JeffS on Fri 4th Nov 2011 16:06 UTC
JeffS
Member since:
2005-07-12

Apple has proven that it's going to do whatever the heck it wants to, complaints by techies be damned, and keep on raking in the cash.

This latest move makes sense from a security standpoint. Ideally, all apps should be sand boxed. You kind of get that with Java and .Net apps (or any other VM, managed code runtime/language).

However, it's a bit of a double-edged sword because sand boxing can cause huge limitations on what apps can do. Ultimately, this has the potential of reducing the value of the Mac platform. If all apps on a Mac can do is simple games or twitter type apps, then real useful stuff like Photoshop will be, well, less useful. This won't affect the average user who just browses the web or plays games. But it will push away the professional market, or just general productivity workers.

In short, it could reduce the Mac platform to just games and web browsing. Well, iOS is essentially there already.

Reply Score: 4

iOS was not designed to be first computer
by Sabon on Fri 4th Nov 2011 17:19 UTC
Sabon
Member since:
2005-07-06

I could, and almost did, ramble on about this subject including the still poor security in Windows and the "not for prime time" Linux distros.

Security is a need. Computers do not live in Mayberry (TV show from a long time ago) where the biggest crime is a parking ticket. Computers live in the worst neighborhood on the planet.

Microsoft says that viruses are the fault of users. That arrogant and ******* mentality needs to be cut from Microsoft.

Viruses are not like burglars that are visible. Viruses are like invisible creatures that don't need the doors and maybe windows we use to get into our houses or where we work. Viruses are more like Radon that seeps into your house and kills you or at least can make you very sick.

Choosing Linux, at least for most people, is like moving to a remote part of Alaska where you have to do pretty much everything for yourself. Linux is getting closer but it is not there yet and most people want to live in cities and not in remote Alaska.

That is only one of the reasons they turn to Windows. The other is that you can't go into best buy, pick a computer and say, "I want Linux on this" and right then and there take it out of the store and turn it on and it, "just works". Linux isn't available like that and it doesn't, "just work" for most people.

So people are stuck with Windows or maybe Macs. As Macs become more popular the virus writers are taking it more seriously and Apple has to take viruses more seriously also.

Since Apple doesn't currently review all programs on Macs in the Mac App Store like it does for iOS devices, the only way to protect users more is sand boxing. It's only logical.

Reply Score: 1

Comment by frderi
by frderi on Sat 5th Nov 2011 13:47 UTC
frderi
Member since:
2011-06-17


So if a given software runs amok, it should only run amok within the boundaries of what it's allowed to do. Am I correct ?


No. I'm not 100% acquainted on the technical details on the matter, but it's my understanding that there are several types of buffer overflows one can exploit to get root on a system, depending on the system and architecture. On Android/ARM for example, it remains entirely possible to wield a browser vulnerability to get malicious code shell access, after which it's relatively trivial to gain root and do all sorts of nasty stuff.


Fair point : there is a trade-off between general usage convenience and decentralization. A centralized system gives an unreasonable amount of power to the repository owner, but also means centralized knowledge about software availability.


My comments on Apple as a software vendor still apply. This isn't a big deal when there is no conflict of interest.



some websites which use ratings and reviews, like Amazon, have a way for users to say "this review is insightful" or "this review did not help", which in my experience works quite well. But I don't think Apple have this in their stores.


Last time I checked, they have a thumbs up-thumbs down style of rating for reviews.


Magazines still have their use though, as they can provide higher-quality reviews than other solutions for "big" software which doesn't change a lot in time such as office suites, image and video editors, CAD tools...


What I miss the most about those times were the in-depth editorials about things you wouldn't have thought of, the gems they hand picked for you. However, I still ended up dumping my magazine subscriptions after I got online because most of the information in them was so horribly out of date. Let's hope initiatives like NewsStand can bring back the great editorials of the past to a wider audience again.


A bit, sure, but a lot ?


It's not only the purchase process, but the whole setup of the thing. Before you say "But..." I'd like you to consider your joe sixpack neighbour which doesn't know a lot about computers, or your aunt Emma who just happens to have this sort of need. It's these small things that we techies take for granted that a lot of normal users find very intimidating and which hamper them from what they're set out to do.


What do you mean by that ? If I see a nice RSS reader on the Mac App Store, download it, run it, and it turns out that it's actually a basic program which displays a silly picture of a cat with subtext "you got owned !", what is the difference ?


The type of application you mention will never make it through the App Store's reviewal process, it will simply get rejected for "not working as advertised". Thus you will never find an application like that on the App Store. Which kind of proves the point for a curated market place. It's also the same kind of editorial you find in quality magazines or websites.


Current mobile OSs are an evil dictator's dream toy, is that really the future we want on every computer in the long run ?


I'm more of an optimist than you are, I don't see the future as Orwellian as you do. I'm just not a proponent of the "one OS for every device" like so many Android zealots seem to lust for. They think that for Android to win everyone else in the game needs to lose. I'm much more a proponent of a diversified platform approach. I know, developers are lazy and would prefer just to have to code for one platform, but I'm looking at it from a user perspective. And having used technology for over twenty years now I can attest that when one single platform dominates, it stifles innovation and the end user ends up being the culprit. The desktop PC space can testify for this.


For a flawed real-world analogy, I would understand that my favorite book shop does not have a book I like on its shelves, but if the owner refused taking orders of books she doesn't like, I'd find another book shop.


I don't know where you're at, but in my country I know a lot of shops that will simply refuse to take orders for rare stuff for various reasons… Shop owners decide what to carry and what they don't carry, and what they place in their front windows.


wasn't the point of these magazine apps to introduce on-device content that is updated from the web on the fly instead of going through this kind of bulky procedures ?


IMO NewsStand offers a much better approach for magazines.

Reply Score: 0

RE: Comment by frderi
by Neolander on Sat 5th Nov 2011 17:41 UTC in reply to "Comment by frderi"
Neolander Member since:
2010-03-08

No. I'm not 100% acquainted on the technical details on the matter, but it's my understanding that there are several types of buffer overflows one can exploit to get root on a system, depending on the system and architecture. On Android/ARM for example, it remains entirely possible to wield a browser vulnerability to get malicious code shell access, after which it's relatively trivial to gain root and do all sorts of nasty stuff.

It is my understanding that in such a case, you actually need at least two vulnerabilities. One to make the web browser execute arbitrary code, and one to make this code break through the OS-level isolation of the web browser. The second vulnerability lies not in the web browser itself, but in system software which it relies on, system software that does itself run as root. But I am not a computer security expert either, so I guess we're stuck there.

"Fair point : there is a trade-off between general usage convenience and decentralization. A centralized system gives an unreasonable amount of power to the repository owner, but also means centralized knowledge about software availability."

My comments on Apple as a software vendor still apply. This isn't a big deal when there is no conflict of interest.

Just like having nuclear weapons around is not a big deal as long as no homicidal maniac gets his hands on one...

Last time I checked, they have a thumbs up-thumbs down style of rating for reviews.

Is it used frequently ? I may have missed it on Mac OS, as I've mostly dealt with the iOS app store.

What I miss the most about those times were the in-depth editorials about things you wouldn't have thought of, the gems they hand picked for you. However, I still ended up dumping my magazine subscriptions after I got online because most of the information in them was so horribly out of date. Let's hope initiatives like NewsStand can bring back the great editorials of the past to a wider audience again.

I don't think that online publishing will ever address the time it takes to write a good article. While everyday news can be reported in a day or two, good full-length articles can take weeks or even months to write. Which makes magazine-style publishing only suitable for stuff that has a slow publication rate ("big apps"), and can be well-grasped by monthly publications.

It's not only the purchase process, but the whole setup of the thing. Before you say "But..." I'd like you to consider your Joe Sixpack neighbour who doesn't know a lot about computers, or your aunt Emma who just happens to have this sort of need. It's these small things that we techies take for granted that a lot of normal users find very intimidating and which hamper them from what they've set out to do.

But... ;)

This is, as I said before, not about app stores but the standard packages they use.

The other day, I bought Osmos for Fedora Linux, which happens to use standard software packages. I clicked a link on the developer's website, ended up on a Paypal page, checked everything, entered a password, received download links for my OSs by mail, downloaded and opened the right file, clicked the "install" button, and that was it.

Let's examine each individual step :
-Finding the developer's website : Everyone knows how to use a search engine, some people even abuse this knowledge
-Clicking a link : Knowing this is a prerequisite of Internet usage
-Using paypal : Requires a small amount of training, but not more than using an application store
-Accessing an e-mail account : Like clicking a link, pretty much a prerequisite of modern web surfing
-Downloading a file and clicking an "install" button : Pretty much a prerequisite of internet usage.

So that leaves one "techie" task to our Joe sixpack : remembering which OS he runs. Frankly, acquiring such a limited amount of knowledge is like learning how to use an alarm clock : you bump on stuff once or twice, then you are able to do what you want.

The type of application you mention will never make it through the App Store's reviewal process, it will simply get rejected for "not working as advertized". Thus you will never find an application like that on the App Store. Which kind of proves the point for a curated market place.

This is a very rough review process that they have though. There are tons of applications on iOS which barely work at all, exhibit terrible performance or crashes, and still pass the App Store review process. Conversely, legit demos of commercial software, which allow users to try before buy, are not welcome on the App Store. And then there is this : http://www.destructoid.com/lugaru-shamelessly-resold-without-consen...

It's also the same kind of editorial you find in quality magazines or websites.

There are several important differences, though.

First, quality magazines and websites tend to focus on a small range of reviewed applications, and take a lot of care in reviewing them. While Apple employees just run new software for five minutes, check that it has no obvious flaw, and jump to the next one. They don't have the time to do more.

Second, if you discover that a website's review process is flawed (like, I don't know, they are paid by companies to write positive reviews of some software and negative reviews of others), you can just ditch that website and find another one of better quality. With Apple's system, if Apple's review process is flawed and ditches legit software (such as demos), there is no way you will ever get that software on your device through another means, except if you feel like letting suspicious jailbreak code drill through your device's software protections.

"Current mobile OSs are an evil dictator's dream toy, is that really the future we want on every computer in the long run ?"

I'm more of an optimist than you are, I don't see the future as Orwellian as you do. I'm just not a proponent of the "one OS for every device" like so many Android zealots seem to lust for. They think that for Android to win everyone else in the game needs to lose. I'm much more a proponent of a diversified platform approach. (...)

While I think I would be a proponent of a "one OS for every device" strategy, I believe that I do not put the same meaning in those words.

For me, "one OS for every device" means that manufacturers do not have to reinvent computer usability each time a new device comes out. Cell phones behave like tablets, which behave like laptops and desktops and any future gimmicks which we don't know yet. The way users interface with the device changes slightly, but the overall behavior is the same. So like on those funky WebOS demos that were around a while ago, I can receive a mail on my cellphone while I'm on my way home, then put the cellphone on a dock, take a tablet, and continue reading my mail in a more comfortable fashion. Then reply on the laptop. And everything keeps a consistent feeling.

I do not want one OS to rule the whole computer world, but I want OSs to broaden their hardware and software horizons a bit. To this end, computers with locked-down hardware and software should also disappear, or at least become a minority.

I don't know where you're at, but in my country I know a lot of shops that will simply refuse to take orders for rare stuff for various reasons… Shop owners decide what to carry and what they don't carry, and what they place in their front windows.

In France, most smaller book shops will let you order any book that they don't have in store, provided that it's in the standard publishing circuit.

Edited 2011-11-05 17:50 UTC

Reply Score: 1

RE[2]: Comment by frderi
by frderi on Sat 5th Nov 2011 19:22 UTC in reply to "RE: Comment by frderi"
frderi Member since:
2011-06-17

It is my understanding that in such a case, you actually need at least two vulnerabilities. One to make the web browser execute arbitrary code, and one to make this code break through the OS-level isolation of the web browser. The second vulnerability lies not in the web browser itself, but in system software which it relies on, system software that does itself run as root. But I am not a computer security expert either, so I guess we're stuck there.


The net result is the same, a compromised device.

Just like having nuclear weapons around is not a big deal as long as no homicidal maniac gets his hands on one...


I don't think the App Store has the capacity to nuke the planet. ;)


Is it used frequently ? I may have missed it on Mac OS, as I've mostly dealt with the iOS app store.


It's still early days for the Mac App Store. I also think it will get off the ground slower, because it's not an only way street like with iOS devices. I do think it'll gain popularity over time as new users flock in and discover it.


The other day, I bought Osmos for Fedora Linux, which happens to use standard software packages. I clicked a link on the developer's website, ended up on a Paypal page, checked everything, entered a password, received download links for my OSs by mail, downloaded and opened the right file, clicked the "install" button, and that was it.


I don't see Aunt Emma installing Osmos on her Linux box in the foreseeable future though. ;)


Let's examine each individual step and find out what can go wrong with our friend Joe Sixpack when he wants to purchase an app online :
-Finding the developer's website : He ends up on a phishing site, which looks vaguely similar to the original one. Because he isn't as bright as we are he doesn't notice the difference.
-Using paypal : The site states it only supports credit cards, which requires him to enter his card details, which obviously get stolen
-Downloading a file and clicking an "install" button : The installation installs a trojan, which infects his system with a keylogger after which it phones home to a remote C&C center to take on jobs in relaying email messages for spam and scam attempts.

I know I'm being overly sarcastic here, but you wouldn't believe the amount of questions I get on a regular basis from my customers if it's "safe" to buy from a certain website. And even on trusted sites like Ebay, there are still scams going on. As a techie, I know where to look, like checking the WHOIS database of a site, examining security certificates and googling for info about said site, but a lot of users don't know how to do this. At least now I can say "buy from the App Store and you'll be okay".


The type of application you mention will never make it through the App Store's reviewal process, it will simply get rejected for "not working as advertized". Thus you will never find an application like that on the App Store. Which kind of proves the point for a curated market place.
This is a very rough review process that they have though. There are tons of applications on iOS which barely work at all, exhibit terrible performance or crashes, and still pass the App Store review process.


Really? I never came across a software on the App Store which didn't work as advertized. Granted, I haven't tried all of them, I'm not that rich. ;)


Conversely, legit demos of commercial software, which allow users to try before buy, are not welcome on the App Store.


Sure they are. Gameloft, for example, publishes both free demos and paid versions of their games.



Apple had this app pulled fairly quickly though.


First, quality magazines and websites tend to focus on a small range of reviewed applications, and take a lot of care in reviewing them. While Apple employees just run new software for five minutes, check that it has no obvious flaw, and jump to the next one. They don't have the time to do more.

Second, if you discover that a website's review process is flawed (like, I don't know, they are paid by companies to write positive reviews of some software and negative reviews of others), you can just ditch that website and find another one of better quality. With Apple's system, if Apple's review process is flawed and ditches legit software (such as demos), there is no way you will ever get that software on your device through another means, except if you feel like letting suspicious jailbreak code drill through your device's software protections.


I'm not saying there isn't headroom for improvement in Apple's reviewal process. The people who do it are mortals like you and me. However, especially for smartphones, I think it's a good move to make, because of the added dangers of smartphones when compared to PCs.


I do not want one OS to rule the whole computer world, but I want OSs to broaden their hardware and software horizons a bit. To this end, computers with locked-down hardware and software should also disappear, or at least become a minority.


I don't share your view. Microsoft tried this approach (Windows Everywhere) to the smartphone and tablet market. It never became a success. It took a new way of doing things (iOS) which reinvented the basic concepts on how to deal with apps on a UI level for such a product to become usable. Other devices require other ways of doing things in order to be truly useful for the masses. If they don't succeed in this, they primarily end up being geek toys.


In France, most smaller book shops will let you order any book that they don't have in store, provided that it's in the standard publishing circuit.


The publishing circuit in itself is also already a reviewing process.

Reply Score: 1

RE[3]: Comment by frderi
by Neolander on Sun 6th Nov 2011 12:01 UTC in reply to "RE[2]: Comment by frderi"
Neolander Member since:
2010-03-08

"It is my understanding that in such a case, you actually need at least two vulnerabilities. One to make the web browser execute arbitrary code, and one to make this code break through the OS-level isolation of the web browser. The second vulnerability lies not in the web browser itself, but in system software which it relies on, system software that does itself run as root. But I am not a computer security expert either, so I guess we're stuck there."

The net result is the same, a compromised device.

But the probability is much, much weaker. And if instead of crafting gigantic system components running as root you design the OS as a set of small components with limited responsibility and security permissions, the amount of chained exploits that one must use in order to, say, use a web browser to install a rootkit, becomes quite large.

I don't know if it would be enough to reduce the likeliness of being hacked to a "good enough" level, but I think it's worth trying. Even more since such modularization would also benefit code cleanness, stability, and maintainability.

I don't think the App Store has the capacity to nuke the planet. ;)

Isn't there an app for that yet ? ;)

I don't see Aunt Emma installing Osmos on her Linux box in the foreseeable future though. ;)

This is debatable, but I don't want to go into this right now ;) I just needed an OS which I use regularly, and where there are standard packages for software installation. OSX also qualifies with its DMG packages, but that's not the best example of an easy-to-use installation package around (Mounting an image disk and dragging and dropping stuff around ? Why can't I just double-click that downloaded file to get stuff installed ?)

Let's examine each individual step and find out what can go wrong with our friend Joe Sixpack when he wants to purchase an app online :
-Finding the developer's website : He ends up on a phishing site, which looks vaguely similar to the original one. Because he isn't as bright as we are he doesn't notice the difference.

I disagree with this one to some extent. If you know what you're looking for, ending up on a phishing site is quite hard. If I take Google, Yahoo, or Bing and type "Osmos (game)", "Trine", or "SpaceChem", the first link will be the developer's website.

I give you that search engines do get hacked from time to time, though. It would be great if we didn't rely on them so much. But the internet has just grown that big...

-Using paypal : The site states it only supports credit cards, which requires him to enter his card details, which obviously get stolen

I can tell ;) I had a credit card for exactly 3 months before it was stolen, without doing anything obviously stupid with it. Credit cards on the internet are a means of payment that is broken and insecure at a fundamental level, it shouldn't be used anymore. I wish kids would get told that, perhaps it would motivate bankers to come up with a means of payment that actually works in the Internet age...

-Downloading a file and clicking an "install" button : The installation installs a trojan, which infects his system with a keylogger after which it phones home to a remote C&C center to take on jobs in relaying email messages for spam and scam attempts.

This actually cannot exist on a well-implemented sandboxed OS. If Joe Sixpack downloads a keylogger installer, he will have at some point to confirm that he gives this piece of software the right to sniff other software's input. Unlike with UAC/Android bullshit where privilege elevation warnings are an everyday annoyance, this is the first time that Joe sees this message when installing a game, so chances are high that he will feel that this is suspicious and cancel the installation.

I know I'm being overly sarcastic here, but you wouldn't believe the amount of questions I get on a regular basis from my customers if it's "safe" to buy from a certain website. And even on trusted sites like Ebay, there are still scams going on. As a techie, I know where to look, like checking the WHOIS database of a site, examining security certificates and googling for info about said site, but a lot of users don't know how to do this. At least now I can say "buy from the App Store and you'll be okay".

And I think that this is lipstick on a pig. By doing this, you basically say to your users "you don't know what is good and you can't learn, so let Apple do that stuff for you". But at some point, everyone who spends time on the Internet needs to learn how to discriminate the legit from the scam, be it to a basic extent. Buying train tickets, books, doing online banking... Should all that also be done through the App store ?

Really? I never came across a software on the App Store which didn't work as advertized. Granted, I haven't tried all of them, I'm not that rich. ;)

I have, on iOS. Maybe there is a strong distinction between the iOS and Mac implementations of the App Store concept and I should take more care in specifying which one I'm talking about...

"Conversely, legit demos of commercial software, which allow users to try before buy, are not welcome on the App Store."

Sure they are. Gameloft, for example, publishes both free demos and paid versions of their games.

Then either this set of rules is wrong/not respected, or there is a strong difference between the iOS and Mac app stores and we should both specify what we're talking about : http://en.wikipedia.org/wiki/Mac_app_store

I'm not saying there isn't headroom for improvement in Apple's reviewal process. The people who do it are mortals like you and me. However, especially for smartphones, I think it's a good move to make, because of the added dangers of smartphones when compared to PCs.

Are you talking about the extra amount of personal information that phones usually store ? But then, software really should not have access to that information under normal circumstances, and good sandboxing would do the trick.

I don't share your view. Microsoft tried this approach (Windows Everywhere) to the smartphone and tablet market. It never became a success.

Windows was not designed to run on anything but a desktop to begin with. As soon as you specify control position and size in pixels by hand, assume the existence of a "hover" functionality, or fill toolbars without taking care of what happens when window sizes are reduced, your software is already dead as far as cross-device portability is concerned.

And then there is also a serious bloat problem with desktop Windows, which is why phone-oriented releases tend to be based on the inferior and incompatible Windows CE version.

It took a new way of doing things (iOS) which reinvented the basic concepts on how to deal with apps on a UI level for such a product to become usable.

Reinvented on a UI level, really ? Icons, pointers, menus, toolbars, tabs... Current mobile OSs, iOS included, look more like a set of tweaks to the desktop UI paradigms than a reinvention of GUI design to me.

Other devices require other ways of doing things in order to be truly useful for the masses. If they don't succeed in this, they primarily end up being geek toys.

Because it hasn't been tried doesn't mean that it is impossible. If you consider interactions with software at a more abstract level than we currently do, there is no theoretical reason why cross-device portability could not be significantly improved...

But then, I suppose that I should shut up and go back to coding my OS, which aims at experimentally proving this point once I reach the "GUI" part, given that computers still allow running alternative OSs at that time ;)

The publishing circuit in itself is also already a reviewing process.

Fair enough.

Reply Score: 1

RE[4]: Comment by frderi
by frderi on Sun 6th Nov 2011 14:33 UTC in reply to "RE[3]: Comment by frderi"
frderi Member since:
2011-06-17


But the probability is much, much weaker. And if instead of crafting gigantic system components running as root you design the OS as a set of small components with limited responsibility and security permissions, the amount of chained exploits that one must use in order to, say, use a web browser to install a rootkit, becomes quite large.


If you're already blown off your socks and find this improbable, you should really have a look at how the Stuxnet worm works. THAT is scary stuff. If you haven't, it basically targeted specific Siemens controllers of nuclear purification machinery in a certain country. The worm needed to bridge a great distance over the internet, overcome the fact that these machines were not connected to a LAN (so it spread over USB as well), and needed to insert itself into the controller to cause havoc. And it all needed to do it on autopilot, remain undetected and not cause too much collateral damage in the process. Talk about digital warfare. If you read about how it achieved this, the kinds of exploits I mentioned earlier are kindergarten material.


Isn't there an app for that yet ? ;)


There was iNuke by ThePlanet, Inc. on the App Store for a short period, but Apple pulled the kill switch on it. Only minor countries got nuked. ;)

OSX also qualifies with its DMG packages, but that's not the best example of an easy-to-use installation package around (Mounting an image disk and dragging and dropping stuff around ? Why can't I just double-click that downloaded file to get stuff installed ?)


Downloading in Safari will automount the dmg and take out the application for you. For installing system components, you can create .pkg and .mpkg packages. And of course, the App Store already puts the app in the right place for you. Come to think of it, I think not having installers on Mac is better, since contrary to Windows, Mac apps don't need all the .dll stuff in the right places to run properly; it also makes clear to the user that running an app won't leave any potential nasty stuff spread around your system.

And I think that this is lipstick on a pig. By doing this, you basically say to your users "you don't know what is good and you can't learn, so let Apple do that stuff for you". But at some point, everyone who spends time on the Internet needs to learn how to discriminate the legit from the scam, be it to a basic extent. Buying train tickets, books, doing online banking... Should all that also be done through the App store ?


I wouldn't mind seeing dedicated software put out by these services to make the process more streamlined. Some of the more important services, like banking transactions for companies, use this approach.



Then either this set of rules is wrong/not respected, or there is a strong difference between the iOS and Mac app stores and we should both specify what we're talking about


I was referring to the iOS App Store. I don't know the reasoning behind disallowing demos of the Mac App Store, but I don't think it's a good idea to disallow them.


Are you talking about the extra amount of personal information that phones usually store ? But then, software really should not have access to that information under normal circumstances, and good sandboxing would do the trick.


The access to personal information is just a minor one. Then again, not an unimportant one. Bigger dangers I think are the fact that smartphones have location-based functionality. This can be exploited for all sorts of nasty things. Another thing is that smartphones are basically tiny computers which are mostly always-on, always-connected devices. There will also be a great many more of them than desktop PCs. The fact that they're mobile also makes them harder to crack down. Can you imagine a botnet on millions of smartphones? Last but not least smartphones are able to generate additional cost. And whenever there's cost, there's a potential for malicious profit. That's why I think you need tighter control on smartphone OSes than you need on Desktop PCs. So I think it's really crucial that you run up-to-date software on a modern smartphone and have the mechanisms in place to facilitate that. Since the risk for disaster is many times bigger than desktop computers.


Windows was not designed to run on anything but a desktop to begin with. As soon as you specify control position and size in pixels by hand, assume the existence of a "hover" functionality, or fill toolbars without taking care of what happens when window sizes are reduced, your software is already dead as far as cross-device portability is concerned.


Spot on. That's why other devices need other approaches when it comes to UI. But it doesn't stop at just the primary controls. Building a good tablet or smartphone UI is completely different than building a good Desktop app. You can't just "slap on" fixes for these basic controls and call it a day. You need to reimagine the app entirely.


And then there is also a serious bloat problem with desktop Windows, which is why phone-oriented releases tend to be based on the inferior and incompatible Windows CE version.


The primary reason for this is that Windows isn't modular enough and it being a jack of all trades. When you try to do too much, you tend to suck at everything.


Reinvented on a UI level, really ? Icons, pointers, menus, toolbars, tabs... Current mobile OSs, iOS included, look more like a set of tweaks to the desktop UI paradigms than a reinvention of GUI design to me.


Sure, reinvented. The basic building blocks are the same. But they took it down to the building block level and rearranged them in a way which would work well on mobile devices. A lot of the UI conventions and methodology that make sense on a desktop computer don't make sense at all on a mobile app. Mobile apps don't have windows, they work fullscreen. They use other input methods, like you said, they don't use a mouse, so everything tailored towards having a mouse becomes obsolete. This doesn't just include the obvious things like mouseover. It trickles down through the entire concept of the UI, since the graphical UIs from personal computers were built towards serving the mouse as a pointing device. If you break down your house and rebuild it from the ground up with the same bricks, that's rebuilding to me. It's not "tweaking your current house" by a wide margin. A good tablet app makes a bad desktop app, and a good desktop app makes a bad tablet app, so it's crucial to reimagine it.


Because it hasn't been tried doesn't mean that it is impossible. If you consider interactions with software at a more abstract level than we currently do, there is no theoretical reason why cross-device portability could not be significantly improved...


Interesting idea, I'd like to see that in action sometime.

Reply Score: 1

RE[5]: Comment by frderi
by Neolander on Sun 6th Nov 2011 16:35 UTC in reply to "RE[4]: Comment by frderi"
Neolander Member since:
2010-03-08

If you're already blown off your socks and find this improbable, you should really have a look at how the Stuxnet worm works. THAT is scary stuff. If you haven't, it basically targeted specific Siemens controllers of nuclear purification machinery in a certain country. The worm needed to bridge a great distance over the internet, overcome the fact that these machines were not connected to a LAN (so it spread over USB as well), and needed to insert itself into the controller to cause havoc. And it all needed to do it on autopilot, remain undetected and not cause too much collateral damage in the process. Talk about digital warfare. If you read about how it achieved this, the kinds of exploits I mentioned earlier are kindergarten material.

I agree that software protections which are good enough against everyday desktop and mobile threats will be insufficient against targeted attacks with colossal financial and human means like Stuxnet. When you're facing this sort of attacks, you need NASA-like permanent code auditing and warfare-like financial and human means to achieve good security.

However, I also believe that the average desktop/mobile user is not likely to have to worry about this anytime soon.

Downloading in Safari will automount the dmg and take out the application for you. For installing system components, you can create .pkg and .mpkg packages. And of course, the App Store already puts the app in the right place for you. Come to think of it, I think not having installers on Mac is better, since contrary to Windows, Mac apps don't need all the .dll stuff in the right places to run properly; it also makes clear to the user that running an app won't leave any potential nasty stuff spread around your system.

Hmmm... Which version of OS X are we talking about here ? I think that on the (admittedly a little old) 10.5 machines which I'm used to, Safari automatically mounts and opens dmgs but does not do anything else.

I really, really do not like Windows-like installers, but I see the value in standard packages whose installation goes a bit beyond copying a folder at a standard location. File associations, applications which start on system boot, security permissions... All that benefits from being managed at once during "installation" time.

I wouldn't mind seeing dedicated software put out by these services to make the process more streamlined. Some of the more important services, like banking transactions for companies, use this approach.

I see a value in having sensitive stuff such as banking managed by web services myself. When a vulnerability is discovered in a piece of code which handles financial transactions, you really want that vulnerability to be fixed immediately, and nothing beats web-based services for ease of updating ;)

But I guess that the risk is small for extremely simple applications which are just an I/O peripheral for a big cloud service.

The access to personal information is just a minor one. Then again, not an unimportant one. Bigger dangers I think are the fact that smartphones have location-based functionality. This can be exploited for all sorts of nasty things. Another thing is that smartphones are basically tiny computers which are mostly always-on, always-connected devices. There will also be a great many more of them than desktop PCs. The fact that they're mobile also makes them harder to crack down. Can you imagine a botnet on millions of smartphones? Last but not least smartphones are able to generate additional cost. And whenever there's cost, there's a potential for malicious profit. That's why I think you need tighter control on smartphone OSes than you need on Desktop PCs. So I think it's really crucial that you run up-to-date software on a modern smartphone and have the mechanisms in place to facilitate that. Since the risk for disaster is many times bigger than desktop computers.

Alright, I give you this one ;) In this light, smartphones are indeed a quite "dangerous" piece of tech that must be handled with care.

Spot on. That's why other devices need other approaches when it comes to UI. But it doesn't stop at just the primary controls. Building a good tablet or smartphone UI is completely different than building a good Desktop app. You can't just "slap on" fixes for these basic controls and call it a day. You need to reimagine the app entirely.

You are right that cross-device portability, if possible, would be about much more than basic UI fixes. I've not started full work on that yet, but an interesting path to study, in my opinion, would be to start with a relatively abstract theory of human-computer interactions, then gradually specialize it towards the kind of devices and users which the OS or application wants to target.

Like, if we went extremely far on the "abstract" end of the spectrum, a basic clock application's UI would transmit a periodically updated text information to the user. And an SMS inbox would ask the user to pick an object from a list of items that are defined by a set of characteristics (Sender, short description, reception date, read/not read), where items which are not read are highlighted by the UI.

This is to be contrasted with the current approach to UI design, which at the other extreme aims at describing every single detail of the user-software interaction, and as such is extremely vulnerable to a change of hardware, be it only a move to a different screen size.

Of course, there are less extreme approaches in the middle, with both some control and some flexibility. And then there is the multiscalar approach, where developers start by designing their UI at a very general level, then define the specifics of some forms of interaction which they specifically focus on (keyboard, finger, mouse and voice input, screen and voice output...)

The primary reason for this is that Windows isn't modular enough and it being a jack of all trades. When you try to do too much, you tend to suck at everything.

And when you do too little, people just say "meh" and move along ;) I guess that defining reasonable goals for a product must be one of the hardest tasks of engineering!

A lot of the UI conventions and methodology that make sense on a desktop computer don't make sense at all on a mobile app. Mobile apps don't have windows, they work fullscreen. (...)

Well, they do have windows, in the sense of a private display which the application may put its UI into without other software interfering. It just happens that these windows are not resizable, full screen, and as a consequence are hard to close and can only be switched using the operating system's task switcher. Which makes multi-windows interfaces impractical. But those ought to disappear anyway ;)

And although they do not have a mouse, they still have pointer-based UIs. Only this time, the pointer is a huge greasy finger instead of being a pixel-precise mouse, so hovering actions must not be a vital part of the UI, and controls must be made bigger to be usable. Since controls are bigger and screens are smaller, less controls can be displayed at once, and some controls must either go or be only accessible through scrolling. But this does not have to be fully done by hand, UI toolkits could do a part of the job if the widget set was designed with cross-device portability in mind...

Edited 2011-11-06 16:38 UTC

Reply Score: 2

RE[6]: Comment by frderi
by frderi on Sun 6th Nov 2011 19:37 UTC in reply to "RE[5]: Comment by frderi"
frderi Member since:
2011-06-17


I agree that software protections which are good enough against everyday desktop and mobile threats will be insufficient against targeted attacks with colossal financial and human means like Stuxnet. When you're facing this sort of attacks, you need NASA-like permanent code auditing and warfare-like financial and human means to achieve good security.

However, I also believe that the average desktop/mobile user is not likely to have to worry about this anytime soon.


I'm not sure if you are aware of how the black hat industry works. Make no mistake, this is a multi-million dollar industry. There are people out there that make a living out of it. There are people who do nothing all day but to find these zero-day bugs. And when they find them, they sell them on the black market, for hundreds or thousands of dollars. These aren't the kinds of bugs that come to light by patches. The black hat industry has moved beyond that. These are bugs that aren't known by their respective vendors and aren't patched in any of their products. This information is then bought by malware writers, who exploit them in their malicious code for keylogging, botnets, whatever. There's not a hair on my head that thinks black hats are not capable of writing Stuxnet-like functionality. Don't underestimate these guys, they're way smarter than you think.


Hmmm... Which version of OS X are we talking about here? I think that on the (admittedly a little old) 10.5 machines which I'm used to, Safari automatically mounts and opens dmgs but does not do anything else.


Opening safe files is an option you can turn off and on in the options; it also works with zip files.


I really, really do not like Windows-like installers, but I see the value in standard packages whose installation goes a bit beyond copying a folder at a standard location. File associations, applications which start on system boot, security permissions... All that benefits from being managed at once during "installation" time.


True. On a Mac, .pkg/.mpkg packages do that. They actually are little more than a bundle of an archive file and some XML data to describe its contents. It supports scripting, resources, …


You are right that cross-device portability, if possible, would be about much more than basic UI fixes. I've not started full work on that yet, but an interesting path to study, in my opinion, would be to start with a relatively abstract theory of human-computer interactions, then gradually specialize it towards the kind of devices and users which the OS or application wants to target.


It's an interesting train of thought, but I still think there would be a lot of human design based decisions to be made for the different devices, and I don't know if the net gain of letting the computer do this would be greater than just redesigning the UI yourself, especially on iOS devices, where it's trivial to set up a UI.


And when you do too little, people just say "meh" and move along ;) I guess that defining reasonable goals for a product must be one of the hardest tasks of engineering!


It has to have the functionality to support the use cases for the device. Everything else is just clutter. After defining the goals of your app, you need to design the practical implementation of the functionality. As a user, I really appreciate it when a lot of thought has gone into this process. Some UIs are basically displays of underlying functionality. These tend to be very tedious and time consuming to work with. There are others which actually take the effort to make the translation between a simple user interaction and the underlying technology. A lot of thought can go into the process of trying to come to grips with how these interactions should present themselves to the user, and in some cases, it takes an order of magnitude more effort than it takes to actually write the code behind it.

Well, they do have windows, in the sense of a private display which the application may put its UI into without other software interfering. It just happens that these windows are not resizable, full screen, and as a consequence are hard to close and can only be switched using the operating system's task switcher. Which makes multi-windows interfaces impractical. But those ought to disappear anyway ;)


You're looking at it from a developer perspective, I'm looking at it from a user perspective. As a user I don't care if there's a windowing technology behind it or not. I don't see it, I don't use it, so it doesn't exist. Desktop computers have windowing functionality (The classic Mac OS even had way too many of it). There are more differences than that. Some popups, like authorizations, are modal, some others, like notifications, are non-modal. The way they display these things is different as well. But these are just individual elements, and in the grand scheme of things, trivialities.


Although they do not have a mouse, they still have pointer-based UIs. Only this time, the pointer is a huge greasy finger instead of being a pixel-precise mouse, so hovering actions must not be a vital part of the UI, and controls must be made bigger to be usable. Since controls are bigger and screens are smaller, less controls can be displayed at once, and some controls must either go or be only accessible through scrolling. But this does not have to be fully done by hand, UI toolkits could do a part of the job if the widget set was designed with cross-device portability in mind...


Try to think a little bit further than the practicalities of the UI elements and think about the overall user experience instead of the engineering challenges. Good tablet apps are laid out differently than good desktop apps. This is not a coincidence. Some of those differences are based on the different platform characteristics, as you mentioned. But other reasons have to do with the fact that the use cases for these apps differ greatly. I'm convinced that when you are designing UIs, you have to start from the user experience and define these use cases properly to be able to come to an application design that's truly empowering your users.

Reply Score: 0

RE[7]: Comment by frderi
by Neolander on Sun 6th Nov 2011 22:11 UTC in reply to "RE[6]: Comment by frderi"
Neolander Member since:
2010-03-08

I'm not sure if you are aware of how the black hat industry works. Make no mistake, this is a multi-million dollar industry. There are people out there that make a living out of it. There are people who do nothing all day but to find these zero-day bugs. And when they find them, they sell them on the black market, for hundreds or thousands of dollars. These aren't the kinds of bugs that come to light by patches. The black hat industry has moved beyond that. These are bugs that aren't known by their respective vendors and aren't patched in any of their products. This information is then bought by malware writers, who exploit them in their malicious code for keylogging, botnets, whatever. There's not a hair on my head that thinks black hats are not capable of writing Stuxnet-like functionality. Don't underestimate these guys, they're way smarter than you think.

I don't think that black hat guys are stupid or not capable of pulling off top-quality exploits. For all I know, Stuxnet may just have been the American government hiring some black hats. But it is a fact that the more information about an exploit spreads, the more likely it is to reach the ears of developers, who will then be able to patch it.

So if a black hat has a high-profile, Stuxnet-like exploit at hand, won't he rather sell it for a hefty sum of money to high-profile malware editors which will then use it to attack high-profile targets, than sell it for the regular price to a random script kiddie who will use it to write yet another fake antivirus that displays ads, and attempts to steal credit card information?

True. On a Mac, .pkg/.mpkg packages do that. They actually are little more than a bundle of an archive file and some XML data to describe its contents. It supports scripting, resources, …

Indeed, these are relatively close to what can be found on Linux. Now, personally, what I'd like to see is something between DMGs and this variety of packages. A standard package format which does not require root access for standard installation procedures and has an extremely streamlined installation procedure for mundane and harmless software, but still has all the bells and whistles of a full installation procedure when it is needed.

It's an interesting train of thought, but I still think there would be a lot of human design based decisions to be made for the different devices, and I don't know if the net gain of letting the computer do this would be greater than just redesigning the UI yourself, especially on iOS devices, where it's trivial to set up a UI.

Oh, sure, I'm not talking about making UI design disappear, just changing a bit the balance of what's easy and what's difficult in it in favor of making software work for a wider range of hardware and users.

Adopting a consistent terminology, designing good icons, making good error messages, avoiding modals like pest, many ingredients of good UI design as it exists today would remain. But making desktop software scale well when the main window is resized or designing for blind people would be easier, whereas a price for this would be paid in terms of how easy it is to mentally perceive what you are working on during design work, making good IDEs even more important.

It has to have the functionality to support the use cases for the device. Everything else is just clutter.

This is not as trivial as you make it sound, though. Sometimes, the same use cases can be supported with more or less functionality, and there is a trade-off between comfort and usability.

Take, as an example, dynamically resizable arrays in the world of software development. Technically, all a good C developer needs in order to do that is malloc(), free() and memcpy(). But this is a tedious and error-prone process, so if resizing arrays is to be done frequently (as with strings), stuff which abstracts the resizing process away such as realloc() becomes desirable.

But that was just a parenthesis.

Some UIs are basically displays of underlying functionality. These tend to be very tedious and time consuming to work with. There are others which actually take the effort to make the translation between a simple user interaction and the underlying technology. A lot of thought can go into the process of trying to come to grips with how these interactions should present themselves to the user, and in some cases, it takes an order of magnitude more effort than it takes to actually write the code behind it.

Well, we totally agree that UI design really is tedious and important stuff, and will remain so for any foreseeable future ;)

You're looking at it from a developer perspective, I'm looking at it from a user perspective. As a user I don't care if there's a windowing technology behind it or not. I don't see it, I don't use it, so it doesn't exist.

By this logic, a huge lot of computer technology does not exist, until the day it starts crashing or being exploited, out of being treated as low-priority because users don't touch it directly ;)

More seriously, I see your point. Mine was just that if you took a current desktop operating system, set the taskbar to auto-hide, and used a window manager which runs every app in full screen and doesn't draw window decorations, you'd get something that's extremely close in behaviour to a mobile device, and all software which doesn't use multiple windows wouldn't need to be changed a tiny bit. So full screen windows are not so much of a big deal as far as UI design is concerned, in my opinion.

Desktop computers have windowing functionality (The classic Mac OS even had way too many of it). There are more differences than that. Some popups, like authorizations, are modal, some others, like notifications, are non-modal. The way they display these things is different as well. But these are just individual elements, and in the grand scheme of things, trivialities.

And mobile OSs have modal dialogs and notifications too. No, seriously, I don't see what's the deal with windows on mobile devices. AFAIK, the big differences, as far as UI design is concerned, are that there is a very small amount of screen estate and that touchscreens require very big controls to be operated. But you talk about this later, so...

(...) Good tablet apps are laid out differently than good desktop apps. This is not a coincidence. Some of those differences are based on the different platform characteristics, as you mentioned. But other reasons have to do with the fact that the use cases for these apps differ greatly. I'm convinced that when you are designing UIs, you have to start from the user experience and define these use cases properly to be able to come to an application design that's truly empowering your users.

And this is precisely an area where I wanted to go. Is there such a difference in use cases between desktops and tablets? I can use a desktop as well as a tablet to browse the web, fetch mail, or play coffee-break games. And given some modifications to tablet hardware, such as the addition of an optional stylus, and the addition of more capable OSs, tablets could be used for a very wide range of desktop use cases.

Now, there is some stuff which will always be more convenient on a desktop than on a tablet, and vice versa, because of the fundamental differences in hardware design criteria. But in the end, a personal computer remains a very versatile machine, and those we have nowadays are particularly similar to each other. Except for manufacturers who want to sell lots of hardware, there is little point in artificially segregating "tablet-specific" use cases and "desktop-specific" use cases. That would be like turning laptop owners who play games in derision because they don't have "true" gaming hardware, which I hope you agree would be just wrong. Everyone should use whatever works best for them.

Reply Score: 2