robenkleene 2 days ago

macOS and iOS have sandboxed containers too, and regardless I don't understand your last statement about motivations (i.e., whether Apple platforms have sandboxes relating to greed isn't a clear connection).

StopDisinfo910 2 days ago | parent | next [-]

Apple likes to present the AppStore as the only thing protecting its users from the Wild West.

Admitting their sandbox could be turned on by default and give the same protection without having to go through their vetting system and giving them their cut would be counterproductive. How would they justify that it makes sense on the phones and iPads then?

robenkleene 2 days ago | parent [-]

There are a couple of problems with the argument you're making:

1. Any app can be sandboxed, not just Mac App Store apps (the only link is that Mac App Store apps require sandboxing).

2. Enforcing sandboxing on macOS would hinder industries Mac users value, per my comment here https://news.ycombinator.com/item?id=44952088. Apple would love to enforce sandboxing by default, because it would serve their long-term strategic goals (moving computing towards devices that benefit from integrated software/hardware), but it hurts their short-term goals (maintaining Apple's [somewhat tenuous these days] penetration across a variety of particularly creative industries) too much to do so.

JustExAWS 2 days ago | parent | prev [-]

Yes, and they are, as far as I know, only enforced for Mac App Store apps. But once an app has free rein to read and write anywhere on a shared folder, it defeats the purpose, as opposed to being able to read and write to the app's own folder and the user being able to choose a file from another folder explicitly.

But what do sandboxes have to do with greed?

robenkleene 2 days ago | parent [-]

I comment on the Mac App Store part here https://news.ycombinator.com/item?id=44952088

> But once an app has free rein to read and write anywhere on a shared folder, it defeats the purpose, as opposed to being able to read and write to the app's own folder and the user being able to choose a file from another folder explicitly.

Not sure I'm following this statement, isn't just being able to read/write to a shared folder a large improvement over an app being able to write to the entire file system (user permissions allowing, granted)? I.e., "it defeats the purpose" seems like an odd phrase to use there? (For the record, I wish all this sandboxing/entitlement-based security stuff didn't exist on desktop computers [my priorities are clearer from my linked-to comment], so I'm probably the wrong person to ask anyway, but I was missing what you meant there.)

JustExAWS 2 days ago | parent [-]

The only part of my computer I care about is my own files and of course things like passwords in the Secure Enclave. If the operating system gets hosed (see the former Chrome bug where if you turned System Integrity Protection off and installed Chrome it hosed your entire OS), that's an annoyance. But recoverable.

It's actually the concept of an old XKCD:

https://xkcd.com/1200/

robenkleene 2 days ago | parent [-]

It sounds like you're treating "a shared folder" as a synonym to "all user files"? Those aren't the same thing? E.g., a shared folder can be a far smaller subset of all a user's files?

(Also, Apple's sandboxing supports access to a single file, reference https://developer.apple.com/documentation/security/accessing... so not sure if any of this is important anyway.)
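To make the distinction in the last two comments concrete (app's own container vs. a shared folder vs. a single user-chosen file), here is an added example of a macOS app sandbox entitlements file. It is not from the thread or from Apple's documentation page linked above; it only uses the documented App Sandbox entitlement keys `com.apple.security.app-sandbox`, `com.apple.security.files.user-selected.read-write` and `com.apple.security.files.downloads.read-write`, and the file name `Example.entitlements` is a placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Example.entitlements (placeholder name): a sandboxed macOS app that can
     only touch its own container plus files the user explicitly picks. -->
<plist version="1.0">
<dict>
  <!-- Opt in to App Sandbox. With only this key, the app can read and write
       inside its own container (~/Library/Containers/<bundle id>/) and
       nothing else in the user's home directory. -->
  <key>com.apple.security.app-sandbox</key>
  <true/>

  <!-- Per-file access: the user chooses a file through the system open/save
       panel, and the app gets access to that one file only. This is the
       "user can choose a file from another folder explicitly" case. -->
  <key>com.apple.security.files.user-selected.read-write</key>
  <true/>

  <!-- Shared-folder access: standing read/write to the whole ~/Downloads
       folder without any user interaction per file. Left false here; set
       it to true only if the app genuinely needs the entire folder, since
       it is the broader grant the comments above argue about. -->
  <key>com.apple.security.files.downloads.read-write</key>
  <false/>
</dict>
</plist>
```

A quick way to check what a signed app actually asked for is `codesign -d --entitlements - /Applications/SomeApp.app` (path is a placeholder); an app that shows `com.apple.security.app-sandbox` as true but no `files.downloads` or `files.user-selected` keys is confined to its own container.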