scarface_74 (2 days ago)
It’s not really a solved problem on any desktop platform. Once you download an app on a desktop, it has complete access to all of the files you have access to in user space. The Files app itself works just the same for managing files as Windows and Macs, assuming you didn’t have multiple windows to work with. The Files app, as a method to open and save files from within an app, works like any other file picker with more granular permissions. The idea that any file storage service is a first-class citizen (Dropbox, Google Drive, OneDrive, etc.) is definitely a win.
|
moduspol (2 days ago)
Apple added functionality to macOS a few years ago that requires a separate pop-up / permissions dialog when apps try to access various directories the user can otherwise access (like Documents, Downloads, Desktop, other apps' files, etc.).
scarface_74 (2 days ago)
And that doesn’t help. Once an app has permission to your folder, along with every other app, it’s not actually solving the problem of an app having access to all of your files. An app on iOS can only read and write to its own folder in your iCloud Drive by default. You can specifically choose a file in another folder or from another storage provider.
|
|
StopDisinfo910 (2 days ago)
> It’s not really a solved problem on any desktop platform. Once you download an app on a desktop, it has complete access to all of your files you have access to in user space.

Amusingly, Linux solved that with Flatpak. Applications are installed in their own sandboxed containers and you decide which files they can and can’t access. The Linux desktop has some very interesting pieces of technology. Apple could do the same on macOS, but that would pierce the veil that their user-hostile policies are actually motivated by greed and not security.
icedchai (2 days ago)
Apple has "App Sandbox" and an entitlement system on the Mac: https://developer.apple.com/documentation/security/app-sandb... It's "baked in" and doesn't require containers.
scarface_74 (2 days ago)
Isn’t this only enforced for Mac App Store apps?
icedchai (2 days ago)
I've read that apps outside of the Mac App Store can use it. I think they have to be signed / notarized.
robenkleene (2 days ago)
I want to just say "yes, obviously". But "obviously" is carrying a lot of weight there. For a TLDR: I think Apple has already gone too far in prioritizing security over the priorities of multimedia editors (e.g., https://insydium.ltd/support-home/manuals/x-particles-video-...). But something like the After Effects plugin ecosystem I don't think could ever be sandboxed. So it makes sense to have sandboxing conditional based on certain criteria, e.g., the Mac App Store. But even there I'm not sure it makes sense; I suspect we'll never see a Mac-first tier 1 new creative application like Sketch (https://en.m.wikipedia.org/wiki/Sketch_(software)), purely because it's too detrimental to the priorities of that kind of app.
robenkleene (2 days ago)
macOS and iOS have sandboxed containers too, and regardless I don't understand your last statement about motivations (i.e., whether Apple platforms have sandboxes relating to greed isn't a clear connection).
StopDisinfo910 (2 days ago)
Apple likes to present the App Store as the only thing protecting its users from the Wild West. Admitting their sandbox could be turned on by default and give the same protection without having to go through their vetting system and giving them their cut would be counterproductive. How would they justify that it makes sense on phones and iPads then?
robenkleene (2 days ago)
There are a couple of problems with the argument you're making:

1. Any app can be sandboxed, not just Mac App Store apps (the only link is that Mac App Store apps require sandboxing).
2. Enforcing sandboxing on macOS would hinder industries Mac users value, per my comment here: https://news.ycombinator.com/item?id=44952088

Apple would love to enforce sandboxing by default, because it would serve their long-term strategic goals (moving computing towards devices that benefit from integrated software/hardware), but it hurts their short-term goals (maintaining Apple's [somewhat tenuous these days] penetration across a variety of particularly creative industries) too much to do so.
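The thread keeps circling one question: does a sandbox actually confine an app to its own container plus the files the user explicitly picks, or has the app been handed a whole folder, or the whole home directory? The grant is recorded in different places on the two platforms the thread compares: in the code-signing entitlements for the macOS App Sandbox that icedchai and robenkleene mention (any signed app can carry them, store or not), and in the `[Context]` section of an app's metadata for the Flatpak containers StopDisinfo910 describes. The following audit script is an added example, not code from this thread, from Apple or from the Flatpak project. The two entitlement plists and the Flatpak metadata are constructed inline so it runs offline; the entitlement keys and Flatpak filesystem tokens are real, while `org.example.Editor` and the human-readable descriptions are assumptions.

```python
"""Audit how far an app's filesystem grant reaches under each sandbox model.

Added example for this thread; not code from the thread, Apple or Flatpak.
- macOS App Sandbox: the grant is recorded in the app's code-signing entitlements,
  which a Mac prints with `codesign -d --entitlements :- /Applications/Foo.app`.
- Flatpak: the grant is the `filesystems=` line in the app's [Context] metadata,
  which `flatpak override` can tighten (e.g. `--nofilesystem=home`).
Both documents below are constructed so the script runs offline; the entitlement
keys and Flatpak tokens are real, the app names and descriptions are made up.
"""
import configparser
import plistlib

# Constructed entitlements for an app that opted into the App Sandbox and asked
# only for user-picked files plus read access to ~/Downloads.
SANDBOXED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.files.user-selected.read-write</key><true/>
  <key>com.apple.security.files.downloads.read-only</key><true/>
  <key>com.apple.security.network.client</key><true/>
</dict></plist>
"""

# Constructed entitlements for a signed app distributed outside the store that
# never opted in: there is no app-sandbox key at all.
UNSANDBOXED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>
"""

# Constructed Flatpak metadata: ~/Downloads read-only, ~/Documents, and then the
# whole home directory, which makes the first two grants redundant.
FLATPAK_METADATA = """[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=ipc;network;
filesystems=xdg-download:ro;xdg-documents;home;
"""

# App Sandbox entitlements that reach outside the app's own container, from the
# narrowest (only files the user picks in an open/save panel) to whole folders.
MAC_FILE_ENTITLEMENTS = {
    "com.apple.security.files.user-selected.read-only": "user-picked files (read)",
    "com.apple.security.files.user-selected.read-write": "user-picked files",
    "com.apple.security.files.downloads.read-only": "~/Downloads (read)",
    "com.apple.security.files.downloads.read-write": "~/Downloads",
    "com.apple.security.assets.pictures.read-write": "Pictures library",
    "com.apple.security.assets.music.read-write": "Music library",
    "com.apple.security.assets.movies.read-write": "Movies library",
}

# Flatpak filesystem tokens that amount to "everything the user can read".
BROAD_FLATPAK_TOKENS = {"host", "host-os", "host-etc", "home"}


def audit_mac_entitlements(plist_bytes: bytes) -> dict:
    """Return whether the sandbox is on and which file grants it carries."""
    ents = plistlib.loads(plist_bytes)
    sandboxed = bool(ents.get("com.apple.security.app-sandbox", False))
    grants = [desc for key, desc in MAC_FILE_ENTITLEMENTS.items() if ents.get(key)]
    if not sandboxed:
        # No sandbox: the process sees every file the user account can, so the
        # per-folder entitlements are irrelevant.
        grants = ["entire user-accessible filesystem"]
    return {"sandboxed": sandboxed, "file_access": grants}


def audit_flatpak_metadata(text: str) -> dict:
    """Parse the [Context] filesystems= list and flag whole-home/host grants."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    raw = cfg.get("Context", "filesystems", fallback="")
    entries = [e for e in raw.split(";") if e]
    allowed = [e for e in entries if not e.startswith("!")]  # "!x" revokes x
    # Strip the optional :ro / :rw / :create suffix before matching the token.
    broad = [e for e in allowed if e.split(":", 1)[0] in BROAD_FLATPAK_TOKENS]
    return {"filesystems": entries, "broad_access": broad}


if __name__ == "__main__":
    for label, blob in (("sandboxed", SANDBOXED_PLIST), ("unsandboxed", UNSANDBOXED_PLIST)):
        print(label, audit_mac_entitlements(blob))
    print("flatpak", audit_flatpak_metadata(FLATPAK_METADATA))
```

On a Mac, dump a real app's entitlements with the `codesign` command in the docstring and pass the XML to `audit_mac_entitlements`; a missing `com.apple.security.app-sandbox` key on a web-distributed app is exactly the case the "only enforced for Mac App Store apps" exchange above is about: the mechanism is available to any signed app, but nothing outside the store makes an app opt in. The Flatpak side reports `home` as a broad grant even though narrower `xdg-download:ro` and `xdg-documents` entries are also present, which is the situation scarface_74 objects to: a per-folder grant is only meaningful if a whole-home grant is not sitting next to it.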
JustExAWS (2 days ago)
Yes, and as far as I know they are only enforced for Mac App Store apps. But once an app has free rein to read and write anywhere in a shared folder, it defeats the purpose, as opposed to being able to read and write to the app's own folder, with the user choosing a file from another folder explicitly. But what do sandboxes have to do with greed?
robenkleene (2 days ago)
I comment on the Mac App Store part here: https://news.ycombinator.com/item?id=44952088

> But once an app has free reign to read and write anywhere on a shared folder, it defeats the purpose as opposed to being able to read and write to the apps own folder and the user can choose a file from another folder explicitly.

Not sure I'm following this statement; isn't just being able to read/write to a shared folder a large improvement over an app being able to write to the entire file system (user permissions allowing, granted)? I.e., "it defeats the purpose" seems like an odd phrase to use there? (For the record, I wish all this sandboxing/entitlement-based security stuff didn't exist on desktop computers [my priorities are clearer from my linked-to comment], so I'm probably the wrong person to ask anyway, but I was missing what you meant there.)
JustExAWS (2 days ago)
The only part of my computer I care about is my own files and, of course, things like passwords in the Secure Enclave. If the operating system gets hosed (see the former Chrome bug where, if you turned System Integrity Protection off and installed Chrome, it hosed your entire OS), that’s an annoyance. But recoverable. It’s actually the concept of an old XKCD: https://xkcd.com/1200/
crinkly (2 days ago)
Er, that's exactly how macOS works already. The App Sandbox stuff bounces through the kernel if something asks for access and you can say "no thanks". It's basically a proper Mandatory Access Control framework. And the apps themselves are shipped in isolated bundles containing all their resources, which may include other binaries/libraries etc.
JustExAWS (a day ago)
It’s only how App Store apps work. There is nothing stopping a popular video conferencing app that you install from the web from surreptitiously installing a web server on your computer, leading to a security vulnerability. https://michael.team/zoom/
crinkly (a day ago)
It’s not. They changed a lot of stuff in Sequoia. I know this because it broke something I rely on and I had to go fix it. It can’t even open a file without the correct entitlements and code signing done and permission granted by the end user.
|
|
|