OS X Lion Sandboxing Is A Killjoy Destined To Ruin Our Mac Experience



Mac OS X developers have been given a few extra months to accept the Mac App Store app sandboxing requirements… or to forget about selling their apps through Apple’s store altogether.

Originally, the deadline was November 1st, but Apple has since uncharacteristically extended the deadline to March 1, 2012. After that, all apps sold in the Mac App Store must use Mac OS X Lion’s new sandboxing framework. That framework is another thing Lion had adopted from iOS and is meant to increase security on the Mac.

With the deadline extended, developers now have about four months to decide on whether they will support sandboxing in their apps. The problem? If they do, some apps will become just shadows of their former selves.

Although many developers have already prepared for the deadline this month, I’ve spoken to many others who either still weren’t ready or just didn’t like the concept at all. Some developers see the imposition of sandboxing as something that will limit or severely reduce the functionality of their apps. In addition, sandboxing means customers might suddenly discover some of their apps’ favorite features just stop working come March 1st.

It seems clear Apple is trying to fundamentally change the way developers write software for the Mac, and the extended deadline means a lot of developers are fighting the change. It’s easy to understand why. There was already a trade-off between the need for an app to be secure and developers’ need to be free to write the software they wanted, and Apple is making the trade even tighter than it was before.

What Is App Sandboxing?

Sandboxing apps isn’t new. In fact, it’s required for all apps running under iOS on the iPhone, iPod touch and iPad. What ‘sandboxing’ means is that an app runs partitioned off from the operating system and the other apps running on the same device. When apps are sandboxed, they cannot mess up other apps or the operating system running on that device. In other words, if something goes wrong with an app, then it can only ruin its own sandbox. It can’t bring the whole system crashing to a halt along with it.

In addition, sandboxing has great benefits when it comes to protecting a system from being compromised by malware, in that the only damage malware can do to a running program has to happen within the confines of the sandbox.

But that security comes with a price. Any app running in a sandbox can’t access OS X’s entire file system, communicate with other apps and so on. On the Mac especially, where the app ecosystem has been allowed to flourish for a decade without having to worry about sandboxing, that means features many users take for granted will have to be abandoned in order to comply with Apple’s Mac App Store rules. Here are some examples:

BBEdit and TextWrangler

BBEdit and TextWrangler from Bare Bones Software, Inc. are apps that offer different features depending on where you buy them. If you buy directly from Bare Bones Software, Inc. you’ll have the full-featured BBedit or TextWrangler we all know and love. If you buy them from the Mac App Store, you lose functionality. Here’s how Bare Bones describes the changes:

Are there any differences between the Mac App Store versions of your software and the versions available directly from your web site?

In BBEdit and TextWrangler, authenticated saves (the ability to save changes to files that you do not own) and the command-line tools are not available in the Mac App Store versions, in order to comply with Apple’s submission guidelines.

Authenticated saves are not possible in versions of BBEdit or TextWrangler obtained from the Mac App Store. If you desire this capability, please purchase BBEdit directly from us or download TextWrangler directly from us.

If you have already purchased BBEdit from the Mac App store and need support for authenticated saves, please contact our customer service department for assistance. We will require proof of purchase from the Mac App Store in order to assist you; if you include that information when you write us, doing so will speed the process.

Command-line tools: Any customer who has purchased BBEdit or TextWrangler from the Mac App Store may use the following packages [downloaded from Bare Bones Software website] to install the command-line tools on their system. (These packages are only for use with the Mac App Store versions of BBEdit or TextWrangler, and are not suitable for use otherwise.)

BBEdit customers buying from the Mac App Store won't get the full BBEdit experience like they would if they bought directly from Bare Bones Software, Inc.

The authenticated saves issue might be a big deal for power users who use BBEdit for a range of high level support or development issues on Macs. Personally, I could not use the Mac App Store version of BBEdit for this very reason, since I often find myself editing many different files on my Macs (see this report). I also find the command-line tools useful, and although you can get them for the sandboxed versions of BBEdit, it is a lot easier just to get them when you buy and download BBEdit from Bare Bones Software directly.

Rich Siegel, founder and CEO of Bare Bones Software, Inc. had this to say about sandboxing:

Sandboxing is a set of measures designed to ensure security. When carried to a rigorous or logical conclusion, however, sandboxing is inherently inimical to applications serving the creative, power user and developer markets. Some middle ground and flexibility, taking into account implicit and explicit user intent, would empower the security without sacrificing the productivity. We hope these issues can be worked out.


There are some apps that won’t just lose functionality if they come to the App Store. Some apps can never come to the Mac App Store, since they will never be able to meet Apple’s sandboxing requirements. One example is AirDisplay from Avatron, a small self-contained app that doesn’t access outside files. However, according to Dave Howell at Avatron:

The host software [for AirDisplay], with its kernel extensions and other low-level components, would never qualify for app store distribution anyway, so no sandbox issue there (at least unless Apple finally shuts down support for third party drivers completely, heaven forfend!).

AirDisplay works for now, but only for as long as Apple supports third-party drivers.

In this case, we’ll be okay as long as we are able to buy software from outside the Mac App Store, which so far is possible, but might not be forever. There are very clear business reasons why Apple wants all apps to go through the Mac App Store, because software sold on any other platform doesn’t give them a 30% cut. If Apple ever makes the Mac App Store the exclusive software platform for OS X, software like AirDisplay will just go away.

Other Application Examples

The breadth of apps negatively impacted by sandboxing is huge and almost definitely includes an app you use yourself every day.

As pointed out by MacRumors, there are other apps that will be negatively impacted by sandboxing:

• iTunes controllers (Tagalicious, CoverSutra)
• Inter-app communication apps (Fantastical)
• Apps that browse the file system (Transmit)
• System-wide keyboard shortcut utilities (TextExpander)
• File syncing, and backup utilities (SuperDuper! and Carbon Copy Cloner)
• Applications that capture system sound and reroute it (Audio Hijack Pro and WireTap Studio).

This is not an isolated issue. It’s one that affects a huge chunk of developers and a sizable number of the best apps available on the Mac.

Bottom Line

Apple is currently offering short-term exceptions developers can use to get around the sandboxing requirements, but in typical Apple fashion, these exceptions are only temporary. There is no telling when the apps that were accepted into the Mac App Store with these exceptions will suddenly get booted out. Many developers are hoping Apple will come up with a better solution than just eliminating these apps from the Mac App Store, but if Cupertino has another plan, they are being tight-lipped about it.

This isn’t just a problem affecting developers, though. End users also need to consider the impact this will have on them. It could be significant, as Jason Snell rightly points out over at Macworld:

Not only does this approach risk turning the Mac App Store into a wasteland of arcade games and one-trick-pony apps, it risks dumbing down the Mac app ecosystem as a whole. While developers can always opt out of the Mac App Store, they’re reluctant to do so.

The other question to ask yourself is whether or not sandboxing is even worth the trade-offs. Is it really going to make security better on the Mac? According to computer forensics and security expert Jonathan Zdziarskiprobably not:

I don’t think this will benefit security. Apple already has a fairly decent security implementation incorporating FileVault 2, address space layout randomization (ASLR), and of course all of the security that’s found in the Unix operating environment that’s worked just fine for the past 30 years.

Ars Technica concludes:

The ultimate downside, then, could be complete Apple control over which applications can be run on your system. “Sandboxing will severely limit the functionality of Mac applications, and may even make some applications impossible to use,” Zdziarski warned. “The question really is, whether this has to do with security, or Apple’s intent to exert control over what’s installed on the desktop. This paves the path to lock down desktop machines in the same way that the iPhone or iPad are locked down, essentially eradicating any development that isn’t sanctioned by Apple.”

I don’t know about you, but I’m not interested in owning a dumb computer or one-trick-pony apps. I’d prefer the freedom to build or use the apps I’ve known and loved for years versus an app that is watered down, locked down, and ultimately controlled by Apple. I know security is important, but I’d rather be free to use or build the apps the way I want.

This is the ultimate frontier of computer freedom we are talking about here. For good or ill, the computer is a great tool practically anyone can use to build the next best thing. Should Apple really be deciding what the next best thing you build on your computer is going to be? Or is that a decision developers should be able to make for themselves?

  • Anthony

    “If Apple ever makes the Mac App Store the exclusive software platform for OS X” I will never buy another Mac.

  • Robert Menes

    Sandboxing, like anything else, should be kept only in moderation; i.e. just enough to keep the app safe, but not to take away any vital functions that any app should have (file manipulation, data sharing/routing, etc.) While it’s nice to allow Joe Sixpack to just “use” his computer without worry or fear, it is also snubbing power users and dropping them down to the lowest common denominator of users.

    I want to own my own iPad, as I see that as being the closest to Alan Kay’s vision of the Dynabook. But seeing as how Apple thinks that everyone wants to just consume content, rather than create it, on iOS devices, this may or may not happen. Apple needs to get off that mentality of iOS being just a fancy embedded OS to play games and go on Facebook, and give power users and developers a chance to use the iPad as a real educational device and tool for creation.

    Seriously, put a Smalltalk environment of any sort (Etoys, Pharo, Scratch, Squeak, etc.) on the App Store, and maybe some other graphical programming languages like Puredata, and you have a Dynabook. Then Alan Kay and Steve Jobs will *both* be happy; Kay for finally seeing a real Dynabook, and Steve for getting even more iPads out into the hands of children.

  • hairyderriere

    “I know security is important, but I’d rather be free to use or build the apps the way I want.”

    Everyone knows what they are getting when they buy Apple. Yes, it’s locked down. But yes, it’s reliable, it works time after time and, frankly, that is part of the attraction of the platform. 

    Would it be too difficult for App designers to design for two platforms? I’m planning on picking up a Nokia Lumia 800 to run alongside my iPhone 4 and would welcome expanded capabilities on the Lumia – if they are worth it. But, having played a lot with computers in the 80s, I’m no longer into tech for tech’s sake – and there are an awful lot of people like me.

  • cranstone

    As long as there’s an option to install via web site then it’s not a huge deal. It’s if Apple closes that loop that everyone will switch. Parallels looks better everyday.

  • tdhurst

    Frustrating, but certainly the right more for the majority of Apple’s customers.

    I’m not a fan, but I’m able to support worth apps and developers, regardless of where they sell their creations.

  • kootenayredneck

    Add 1Password Version 3.9.x to your list. It is now garbage and the only reason I keep it is that it houses all my passwords that I had before mistakenly updating to the MAS download.

    Eventually I’ll get rid of this junkware.

  • gerenm63

    It sounds almost as if they’re trying to break any professional use of the Mac. Adobe CS software interoperability and functionality is certainly going to suffer, if not break entirely. With the possible demise of the Mac Pro, I’m already looking at having to move away from Macs at work. If they break my pro apps, I’ll have to switch back to Windoze at home as well.

  • prof_peabody

    This is less an article and more a collection of unsupported over-the-top statements with almost no connection to one another.  

    For example: “It seems clear … that the extended deadline means that a lot of developers are fighting the change.”  When in fact this is not clear at all and basically a completely unsupported statement.  

    Also, while you do mention at the top that these rules only apply to Apps within the App store your rant kind of implies at other times that core functionality will no longer be available through these apps.  All we are talking about here is a *marketing* opportunity.  All apps will stay the same, but those that don’t follow the sandboxing rules will not be allowed to be sold through the App store.  So what?  

    The App store is a part of making the Mac easier for the average person to use.  The average person is not going to need or use a stand alone FTP app or a pro text editor for fussing with plists.  If an app is not available in the Mac App store, that doesn’t mean it isn’t available, only that it isn’t available for your Grandparents to download by mistake.  

    You know, the kind of users that are going to get troubled by “unsafe” applications in the first place.  

    You are making a really big deal out of essentially nothing here.  

  • elthesensai

    Question is at what point do we just get a HP or a Dell? That new ultra slim laptop from Razer keeps looking better everyday.

  • Atienne

    maybe apple should just integrate some anti-malware into the os that watches what the other programs are trying to do and allows or disallows. this would still require developers to be transparent about what going on.

  • Tim Meesseman

    They won’t. Because they know you and hundreds of millions of other people will be just as pissed.

  • Shaun

    Sandboxing makes sense. It limits any problems to that piece of software without affecting your Mac as a whole. Helps security and prevents or limits the impact of any malware. As the Mac becomes more popular more and more security threats will start to appear. I don’t want these app’s to access the inner workings of my Mac. They should build better app’s instead. Anyone who has used Windows will tell you how much damage app’s can do your system without the users knowledge. You only find out when your computer keeps crashing and you end up having to uninstall and reinstall app’s until the problems are resolved. It’s a nightmare and one of the many reasons I moved across to the Mac.

  • cranstone

    I just use an iMac with Parallels. Two OS, access to everything out there. It makes no difference to me anymore – all I use a computer for is to get the job done. Apple’s iMac gives me a 27inch screen to run multiple OS’s in totally seamlessly. Sandbox away – it won’t make any difference. Especially when the alternative is now a “space/desktop” away.

  • JimR

    Did you buy Adobe CS from the Mac App Store? No.  This applies to software for purchase on the Mac App Store.

  • Anthony

    I doubt it as well. I’m willing to put up with it in IOS, because I just want those devices to work, but I expect the Mac itself to be a computer.

  • CharliK

    if by OUR you mean some geeky 5% of users. not really. Apps that want to have a not sandboxed version can still release it on their own site. or just pull out of the store altogether. 

    for the 95 and the apps they are getting off the App Store few to likely zero of them will be cut off from any tasks by sandboxing. 

  • CharliK

    “This is less an article and more a collection of unsupported over-the-top statements with almost no connection to one another.”

    Welcome to the new Cult of Mac hyperbole and rumor blog. They found that such articles get more hits than actual news and tips so they changed their focus months ago to make more money. they keep the random lamely done video by Michael and tip article by David around to try to look legit but pretty much everyone knows they are just gossip mongering hit whores like all the other sites. Only difference between them and the others is that they tried to keep their noses in the air and being a ‘real news site’ for so long that they don’t have any sources of their own and have to just reprint from the other boys. 

  • CharliK

    1password is pretty much junk ware anyway given that Apple put in the Keychain Access utility that gives you the same function. 

    about the only reason to have something like 1password is if it shares data with the iOS version so if you add a password to one version it is updated to the other. Much like you used to be able to sync keychains across macs in mobile me

  • Brittp2

    Agree! Most will buy from the App store and Fuhgeddaboudit. For the ones that want to go it alone unprotected from the internet “touching your junk”… buy from the internet or Best Buy. I don’t see this as anything but good for the user, normal user. 

  • Elmo

    Lucasscott – lame dude. It’s clear this is a community wide problem that requires community involvement about a very real problem. It is about control of our computers and how we create things with them. I thought it was nice to see what everyone else is saying about a very real problem. So that I could read about what they had to say and then formulate my own decision after reading all the opinions.

  • Elmo

    Key chain isn’t the same as what 1Password does or other apps like it. Not even a little bit close. Are you a n00b?

  • ??????? ???????

    It’s utterly wrong to say that sanboxing limits some features of some applications and their interaction with the OS.
    It’s just that this interaction is regulated by some “rules”, that are called entitlements.
    When an app has to perform some complex or system-wide action, it asks for the corresponding entitlement from the OS (i.e. entitlemen to access the internet, entitlement to change system files, etc.).
    So if a sanboxed app wants to offer the same functionality with the non-sanboxed one, that means more work for the developer to set up the entitlements.

    Of course, sandboxing alone can’t solve the problem. For instance, a program may ask entitlements for every single action that can be performed by the OS, thus negating the benefits of sundboxing. So, someone should be in charge of making sure that the entitlements of each program are kept at a minimum.
    Moreover, the creator of a malicious program will of course opt to distribute it through his own site, or torrents, or whatever but the Mac App Store, so no need for sandboxing.

    Sandboxing is good, but it requires a lot of work, and of course it’s not the ultimate cure for malware.

  • ??????? ???????

    It’s utterly wrong to say that sanboxing limits some features of some applications and their interaction with the OS.
    It’s just that this interaction is regulated by some “rules”, that are called entitlements.
    When an app has to perform some complex or system-wide action, it asks for the corresponding entitlement from the OS (i.e. entitlemen to access the internet, entitlement to change system files, etc.).
    So if a sanboxed app wants to offer the same functionality with the non-sanboxed one, that means more work for the developer to set up the entitlements.

    Of course, sandboxing alone can’t solve the problem. For instance, a program may ask entitlements for every single action that can be performed by the OS, thus negating the benefits of sundboxing. So, someone should be in charge of making sure that the entitlements of each program are kept at a minimum.
    Moreover, the creator of a malicious program will of course opt to distribute it through his own site, or torrents, or whatever but the Mac App Store, so no need for sandboxing.

    Sandboxing is good, but it requires a lot of work, and of course it’s not the ultimate cure for malware.

  • ariellabaston

    As a first step, my grip on Snow Leopard and existing apps is tightening!

  • larrymadill

    David Martin  is a killjoy that is destined to ruin our Cult of Mac experience. 

  • ariellabaston

    Whoah there. 1Password is completely different. Keychain won’t manage serial numbers and grab the app’s version number automatically and more. Keychain isn’t multi-platform so I can access the same login data across operating systems (Linux and Windows for example), and keychain doesn’t auto-sync with DropBox either.

    The Keychain system is linked to your login session. 1Password has totally different scope.

  • CharliK

    for 99% of folks it totally is. Because all they need is a place to securely hold their passwords and Keychain Access will let them add any password they want. 

  • Ponter Boddit

    @Prof. Peabody

    “Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.” (Attributed to Benjamin Franklin.) That should sum up my feelings about the balance between computer security and our freedom to use these machines as we see fit.

    You are correct in criticizing an alarmist attitude — but only if you are correct in your assumption that power users will forever be able to purchase non-Mac app store apps directly from the publishers — or even write their own. But that’s not a certainty, and on that uncertainty a little hysteria now might go a long way to preventing such lock-down.

    Given Apple’s reluctance to share its roadmap with anyone — even the bulk of its own employees, if we are to believe widely published articles and books — the best we can do is speculate. One reasonable approach to speculation is to consider the track record of Apple, the directions in which it is trending, and any hints, even if inadvertent, that might be made by Apple spokespeople. My reading of the tea leaves is that the Mac is merely the final piece remaining to fall on a chessboard that has already seen the iOS world captured by the app-store-or-the-highway-we want-our-30% rulers of Cupertino. It just seems a matter of time before the Mac falls. We should have seen this coming a decade ago when the iPod was introduced and its sole (authorized) connection to the world was the set of rules and restrictions embedded in iTunes.

    Apple is becoming the TSA of the computer/consumer electronics world. Line up for the groping.

  • cliqsquad

    Exactly, I tell my Android friends this all the time. I am sorry I don’t want to worry about malware on a phone, I want the damn thing to work and get updates and do cool things. iPhone does that, I don’t need the kitchen sink for my phone. My computer better have the ability to offer me the kitchen sink if I want it, but also offer those non-techies a safe playground. Hopefully this is the route Apple will take with OS X, safe for one group, yet powerful for another.

  • TylerHoj

    Na Na Na Na Na Na Na Na, it’s a Killjoy thing. 

  • Peter Moeser

    As has been mentioned, it is a”a very real problem” to a minority of Apples customers. Yes they might be long standing and very loyal (for now) and so they just don’t like being looked over like a forgotten girlfriend.
    But to the enormous, untapped market of potential customers that will give Apple lots and lots of money, this makes perfect sense.
    Imagine coming across from years of abuse at the hands of the malware and virus riddled world they’ve been forced to endure with windows to find that their computer is (for the most part) entirely safe from unwanted intrusions, re-installs etc.
    If you even know about sandboxing, my guess is that you’ll know a way to purchase the apps that require to live in a free and unencumbered file system elsewhere

  • djrobsd

    RIP Mac.  

  • Dorje Sylas

    A “Pro” switch would be nice. The moderate costs of OSX Lion Server should be a clue to Apple. For an added small fee open up the OS to those who want to/need to tinker. Locking down a computer the way an iPhone or iPad is turns a powerful tool of creation into an oversized and over priced paper weight. To much power, to little outlet.

    As the iPad is proving the average consumer doesn’t need anything more powerful then an A5 chip. Certainly not the latest i7 intel core. How’s them Apples? However if there was a path iOS -> MacOS (or ‘pro/hobbyists’) -> Server (for instructions that need to run their own iCloud) I think we’d all be happier for it.

  • Peter Moeser

    Do people seriously think before making posts like this?

  • Archi

    AirDisplay problem has _nothing_ to do with sandboxing. Great work picking this example.

    This article focuses on fear and maybes. 

    Just for you to know, the App Store is not the only way to buy apps. 
    You don’t want Apple to have control? then don’t use it!
    You want your apps available through other channel? use these channels. (bodega is one)

    Developers are placing their app on the store because everybody wants them there.

    As for the few apps concerned by remote app communication, or power users, they don’t need to look for app on the Mac App Store.

    This store is a deal changer, but developers needs to stop bitching and start evolving along with this technology.

    First step is understanding the target, and if they want to sell to more people, then create different products for different population.

    The Mac App Store is a secure place for people who just want things to work without any other considerations.

    Next time, I’d suggest you control your emotions and be more professional.

  • Tom

    Wouldn’t this just create a sort of ‘jailbreak’ for Mac over time?

  • Chris

    The MAC was great while it lasted, but I always knew there would come a day when it would be “too good to be true”. I have seen the “one trick pony” has become more and more prevalent. Ah well…for every season….

  • Chris

    Curious. Would the author (David Martin) care to expand on this as well? It’s interesting and offers hope.

  • John Howell

    I’m just wondering if cydia would come to the OS x platform if the AppStore gets too restrictive?

  • John Howell

    I’m hoping OS X never gets locked down this way, but at least Linux runs just fine on my mini. You know kow, with software repositories that ate much more flexible than the app store.

  • Kendall Tawes

    I like the closed world of the iPad and iPhone on those devices but if a Mac ever became as closed down as that I’m afraid I would have to move on to another platform. Don’t make me go back to Windows as there are no Linux Distros that support all the software I need.

  • snookasnoo

    Typical COM article.  An attention getting headline followed by extremely poor commentary and analysis.  Alot of sensationalist conjecture with few to no facts.

  • snookasnoo

    Exactly right.  COM is a page view whoring blog and nothing else.  Really pathetic.  It only works with the know nothings but there are plenty of those.  I would be embarrassed to write such nonsense.

  • snookasnoo

    A very real problem?  Well its not very real since it doesn’t exist yet.  if all you know about sandboxing is from reading this article, and apparently it is all you know, then you are very ill informed.

  • snookasnoo

    No.  They don’t know what they are talking about because everything they know about sandboxing is from reading this page view whoring silly article.

  • snookasnoo

    Heh.  Thats pretty funny.  Explain exactly how its junk ware and how being on the Mac App store made it so.
    Because I know you can’t.

  • snookasnoo

    Exactly what is locked down about Apple?
    Because it isn’t.

  • snookasnoo

    Newsflash..the iPad runs a much smaller and simpler OS than a laptop.
    Try an A5 on a laptop with Lion and see how far it gets you.

  • Dilbert A

    Well said.

  • Dilbert A

    Well, to be fair; he’s not completely wrong.

  • Dilbert A

    So what your saying is that they need to advertise better, so that people don’t make incorrect statements like, “1password is pretty much junk ware anyway given that Apple put in the Keychain Access utility that gives you the same function.”

  • Dilbert A

    Parallels 7 on the iMac rocks!

  • Dilbert A


  • iamacat

    I have experienced killjoy firsthand with my own application (SnapItUp), but then thinking of TextWrangler, I am glad that it’s not getting root privilege or installing extra command line tools all over the place on my system. I have to agree that Apple nailed the most common case of users wanting application to only touch it’s own data and what it is told to, not their address books, GPS coordinates, system files…

    We need to work harder to not assume that the users want us to take over their computers, or be patient enough to justify that in a channel outside app store when it is desirable.

  • AdamC

    So if these guys at cult of mac are right then all softwares for the Mac will be as it is because these programmers will not be to finding ways to improve their softwares better because of the sandboxing challenge. 

    But are these developers after spending years of hard work willing to forego their profits centers.

    As for the 30% cut I wonder why cult of mac is making such a big fuss, it is nothing new. The App store is great for users because they know they are buying safe softwares. 

    The FUD that Apple want all softwares to be only available at the App store is simply words put into the mouth of Apple by cult of mac. 

    Btw the more great softwares available for the Mac the better for the platform. Can’t blame these guys at cult of mac because they are well simple minded bloggers.

  • JDWages

    Could you please name all those 99% of people you apparently know?  :-) 

    The truth of the matter is, if more people know about 1Password (version 3.8 anyway), more people would use it.  It’s really changed the way I use my Mac, and I must say it is as valuable to me as Outlook, Photoshop, Illustrator and Word.

  • JDWages

    I clicked Like on your post because in part I agree.  However, since the alternative is Windoze, I would likely just stick with the Mac I have rather than switch to a vastly inferior OS, no matter how much so-called freedom it affords me.

  • Ali

    This topic is important and the article only exists to make you aware of the issue, what it means, etc.  – what kind of facts would you like to see? It is pretty clear what Apple is up to – they want to lock in that 30% revenue at the expense of loosing features in apps under the cover of making it a security issue. So a  challenge for you and anyone like you – how about contributing constructively to the discussion rather than just complaining about something as trivial as a headline? And do so using your real identity.

  • Anony Mous

    The answer is: OSX 10.5.8 — the best OSX Apple ever produced, before they started breaking drivers and throwing out people’s investment in PPC software, and sandboxing, and not supplying DVDs, and building a 10.6-or-higher-only app store… but after 32/64 bit support for data — and Hackintoshes.

    You can make a *great* OSX machine this way, and you have access to all the best software. Pretty much anything built for 10.6 or later can be rebuilt for 10.5 *if there is demand for it* because developers, obviously, want to sell you software. There’s no good reason to support a manufacturer that has lost its collective mind.

    And as for Hackintoshing things… quad chip, 24-core / 48 thread capability anyone? 192 GB of ram, anyone? Wide range of cases, power supplies, drive bays, anyone?

    The more people that do this, the better off the user community will be. And we’re already seeing 10.5.8 fixes coming from non-Apple sources, since Apple, as usual, has abandoned those who have not up([cough]down)graded to Lion.

    Just as XP-pro (no ridiculous “validation”) was the obvious stopping point when Microsoft went bonkers, so too is OSX 10.5.8.

  • Anony Mous

    No. We don’t need to work harder. This isn’t a problem, or at least, it wasn’t until Apple made it one. OSX 10.5.8 FTW.

  • putaro

    Not true.

    First of all, applications that are distributed through the App Store cannot request administrator access.  That’s a rule for being distributed through the App Store whether your application is sandboxed or not.

    Second, if your app is sandboxed it cannot access Authentication Services.  It’s right there in the documentation.

    There are a number of functions that cannot be provided by sandboxed apps.  That’s not necessarily a bad thing as long as sandboxing is not required.

    Sandboxing, however, is taking aim at the wrong targets.  Most small applications are not targets for malware and sandboxing them does not add significantly to system security.  Now, it is true, that some small applications ARE malware, but this is a technological bludgeon that Apple is trying to use instead of policing the App Store better.

  • TheOneRoadRunner

    Is it the beginning ? Or is it the beginning of the end ?I could see the need on ios…but what i want from os x isn’t in the sandbox.. that might be enough to drive me back to the dark side once more !!

  • azav

    Usability wise, sandboxing sucks ass.



    Apple is well down the road of no longer making operating systems that we actually like to use.