Scott Penrose

Mac Sandbox

Scott is an expert software developer with over 30 years experience, specialising in education, automation and remote data.

Difference between revision 4 and current revision

No diff available.

What does it mean? Are you concerned?

The Mac, specifically Mac OS X, has been for me, all the advantages of Unix with commercial applications. Most of my development is done on and for linux. Mac OS X has allowed me to use commercial applications not available to linux (e.g. MYOB, Final Cut Pro, Adobe Photoshop) and keep developing and using the machine with almost all the advantages of Linux. This is not about talking alternatives. I am required to use these apps for various commercial reasons. If I worked alone I would not.

The new Sandbox requirement has me worried.

Let me say that in principle... sandboxing applications is a good idea... the issue is how to get them not sandboxed. Yes, you can avoid App Store - but maybe not always. You can't avoid the app store on iOS. It seems to be the future for Mac OS X too.

Scenario 1: All files in a directory

Final cut pro X has access to all directories, files, metadata files (basically sqlite databases) etc in your video folders.

Having access to a directory like that is pretty common.

What about an app that manages a web site. It manages files, builds files from templates, lists the files, links to them.

According to the new documentation, you have to specify a file, one at a time, via an open dialog box to read/write to files.

Scenario 2: Plugins

Apparently all impossible. So what about plugins to Aperture, Final Cut, Adobe PhotoShop, etc.

Scenario 3: Apple Script

Can the application run any apple script? Can the apple script or automator run the application?

The plague of iOS

The biggest issue with iOS is the inability for applications to share data. I can't get my word processor to embed data from a spreadsheet - silly example - but this lack of shared user document space is quite on purpose to improve security. But functionally, usability - it SUX !

The Mac OS X does not have this problem... but it is about to.

File open

Will you be able to open files with other methods. Double click finder; open from Alfred; using open command line. I suspect not. Therefore usability, accessibility and functionality is lost. This needs to be tested, but if you can open from these other apps (e.g. finder) is it because of special permissions, or are they ignoring that.

Be wary

The idea of sandbox seems reasonable. Why should a game not just access its own data. Even many utility applications like OmniFocus only needs generally access to its own directory, plus a little interaction (ability for other apps to add entries).

Once you move into the document space though it is a different story. Most projects I work on, even if the files are in Dropbox, local, git, etc have a mix of file types. I may need to edit an SVG, compile code, modify a text file. This is all possible and easy. I can even use tools like XCode to open the file types it can't edit directly.

The idea of having your set of documents stored against an application, like iOS has a number of issues:

  • It is poor document management. They should be event or project or task based, not file type, which should not matter.
  • It is the primary reason I can't use iPAD/iOS to replace my laptop for every day tasks
  • Multiple tools use the one file - photoshop file that is then updated with a version control system, embedded in your web site and uploaded - could be 4 tools on this one file. Of course those tools are working with multiple files.
  • Some tools will generate multiple file types. How often do we work with just one file. Word processor is ok. But even Adobe Photoshop has the ability to output many files at once, split layers, import/export multiple files when dealing with single frame video etc.

Application List

I have decided to start writing down the apps I use each day, and work out what privs they may need.

  • MYOB - Send email via Mail.app (is this supported?)