Software Development

Photo credit: livingindryden.org

I’m very excited about the new operating system and the APIs it holds for developers.

One new feature that is going to be very popular amongst users and holds real benefits for them is the App Sandbox.

What is App Sandbox?

Entitlements

Basically, the App Sandbox needs developers to specify what kind of access to user data an application they create needs.

You basically start with no privileges (so-called “entitlements”) at all and work your way up to what your app needs.
Does it have open or save panels? You need an entitlement for that.
Does it need access to the network? More entitlements.
Does it need to access iCal or Address Book? Even more entitlements.

Apple states there are currently 15 entitlements, but the list may change in the future.

Containers

For data saved by applications (preferences files, Core Data storage, “Shoebox” data; basically everything except documents the user saves or that are autosaved by OS X Lion), each application gets its own Container in /Users/yourname/Library/Containers/, like /Users/matthias/Library/Containers/at.EternalStorms.ScreenFloat/

An application that has no entitlements for file system access cannot access anything beyond that folder without the user’s consent (a user can give their consent by selecting files in open or save panels or by drag’n’dropping items onto or out of the sandboxed application).

Deny, deny, deny!

Anything an application requests it doesn’t have the proper entitlement for gets denied by a process called sandboxd, the sandbox daemon. It manages the sandboxed applications and their access to things they are or aren’t entitled to.

This is what your Console looks like when something gets denied:

27.07.11 16:56:14,480 sandboxd: ([2460]) screencapture(2460) deny file-read-data /usr/sbin/screencapture
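
When adopting the sandbox, it helps to collect these deny lines and see which operations each process is being refused. The following parser is an added example, not code from this post or from Apple; it assumes every deny line has the shape of the one above, and the `ExampleApp` lines are constructed samples.

```python
import re
from collections import Counter

# Shape of the Console line quoted above:
#   <date> <time> sandboxd: ([pid]) process(pid) deny <operation> <target>
DENY_RE = re.compile(
    r"sandboxd: \(\[(?P<pid>\d+)\]\) (?P<process>.+?)\((?P=pid)\) "
    r"deny (?P<operation>\S+)(?: (?P<target>.+))?$"
)

def parse_denial(line):
    """Return pid, process, operation and target of a deny line, else None."""
    m = DENY_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    return rec

def summarize(lines):
    """Count denials per (process, operation), skipping unrelated lines."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            counts[(rec["process"], rec["operation"])] += 1
    return counts

# First line is the one from the post; the rest are constructed samples.
SAMPLE_LOG = [
    "27.07.11 16:56:14,480 sandboxd: ([2460]) screencapture(2460) deny file-read-data /usr/sbin/screencapture",
    "27.07.11 16:56:15,102 sandboxd: ([2471]) ExampleApp(2471) deny network-outbound /private/var/run/mDNSResponder",
    "27.07.11 16:56:15,340 sandboxd: ([2471]) ExampleApp(2471) deny network-outbound /private/var/run/mDNSResponder",
    "27.07.11 16:56:16,001 ExampleApp[2471]: finished launching",
]

if __name__ == "__main__":
    for (process, operation), n in summarize(SAMPLE_LOG).most_common():
        print(f"{process}: {operation} denied {n}x")
```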

XPC

XPC helps take the sandbox paradigm even further, making apps even more secure. Instead of having one executable that does it all (access the web, access iCal data, access Address Book data, write stuff to disk, read stuff from disk), a developer splits these tasks up and basically creates, for each of these operations, an executable with just enough entitlements to do its work.

So if you have an application that can access your Address Book and the web, there’s nothing stopping the app, had it been compromised, from sending that data to a server.

However, if you have two different executables, one with just the Address Book entitlement and another with just network access, it’s not that easy anymore for intruders to do their dirty business.

XPC lets these two executables talk to one another, inside their shared sandbox.
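
The split described above can be checked mechanically: no single executable should hold both a user-data entitlement and a network entitlement. The audit below is an added example, not code from this post; the entitlement keys are Apple's `com.apple.security.*` names (the post does not list them), and the executable names and plists are constructed.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
NETWORK = {"com.apple.security.network.client",
           "com.apple.security.network.server"}
PERSONAL_PREFIX = "com.apple.security.personal-information."

def granted(plist_bytes):
    """Entitlement keys set to true in one executable's entitlements plist."""
    return {k for k, v in plistlib.loads(plist_bytes).items() if v is True}

def audit(executables):
    """Return (name, user_data_keys, network_keys) for each executable that
    can both read user data and reach the network by itself."""
    findings = []
    for name, plist_bytes in sorted(executables.items()):
        keys = granted(plist_bytes)
        user_data = sorted(k for k in keys if k.startswith(PERSONAL_PREFIX))
        network = sorted(keys & NETWORK)
        if user_data and network:
            findings.append((name, user_data, network))
    return findings

def entitlements(*keys):
    """Build a constructed entitlements plist (XML) with the given keys on."""
    return plistlib.dumps({SANDBOX: True, **{k: True for k in keys}})

ADDRESS_BOOK = PERSONAL_PREFIX + "addressbook"
CLIENT = "com.apple.security.network.client"

# Constructed layouts; the executable names are hypothetical.
MONOLITH = {"ExampleApp": entitlements(ADDRESS_BOOK, CLIENT)}
SPLIT = {
    "ExampleApp": entitlements(),
    "ContactsReader.xpc": entitlements(ADDRESS_BOOK),
    "Uploader.xpc": entitlements(CLIENT),
}

if __name__ == "__main__":
    for label, layout in (("monolith", MONOLITH), ("split", SPLIT)):
        print(label, audit(layout) or "no executable combines data and network")
```

The audit looks at entitlements only. What the services agree to pass to each other over XPC still has to be reviewed separately.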

What is App Sandbox good for?

Something that has been said a thousand times in the WWDC sessions to make abundantly clear what App Sandbox is good for:

It’s a last line of defense against evil-doers.

If an application has been compromised, it can’t do anything beyond its entitlements. That’s a very good thing.

So what does it all mean for users and developers?

Users

For users, it’s a great thing to have in terms of security and privacy of your data and I think every user should be excited about it. I know I am. It’s a great solution to a problem that has been dragging on too long, and Apple stood up and took a shot at it, and I think they did very well. For the most part.

In terms of what app developers will be able to make for those users, well, that’s another story which I’ll explain next.

Developers

In general, for most cases, developers won’t have any trouble with the App Sandbox. Version 1.2 of ScreenFloat – which is currently in Review for the App Store – already is a client of the sandbox and I ran into no trouble with adopting the entitlements whatsoever. It does what it does, just like before, but now, it’s safer, and I’m very excited about that.

What worries me, however, and, judging from what I’ve read on Apple’s developer forums, worries quite a lot of other developers as well, are the so-called temporary entitlements.

Temporary entitlements are for certain cases where it’s not really safe to do something, but Apple hasn’t figured out a safe way to let the app do it yet, so they made an entitlement for it. A temporary one.

Let’s take, for example, iTunes. There are a lot of applications out there that can “remote control” iTunes with global hotkeys.
In the background, the application is sending out an Apple Script, or doing its work over the Scripting Bridge, or sending Apple Events directly (Apple Scripts and Scripting Bridge work with Apple Events in the end, but it’s at a higher abstraction level API-wise for developers like me, who have no idea how to create Apple Events in the first place).

For this case, Apple has created a temporary entitlement. Alright, so it works.

What bothers developers however is the term “temporary”. What _is_ temporary, exactly? Will there be a replacement once the temporary entitlements vanish?

Let’s look at a perfect example for this:

GimmeSomeTune and the App Sandbox

Some of you might have read it on Facebook, others may have on twitter, for those of you who haven’t, here’s what happened:

I’ve halted development on GimmeSomeTune because of the temporary entitlements, more so because of the questions I asked above that have yet to be answered by Apple.

But let’s take it one step at a time:

GimmeSomeTune gets notifications with userInfo payload objects from iTunes. That’s no problem yet, since iTunes is yet to be sandboxed. But once it is, it can only send notifications without userInfo payload objects, and that object contains all the necessary information, like Title of Song, Album, Artist, etc.

So GimmeSomeTune, in its current form, could work for some time, until Apple decides to sandbox iTunes. Boom! Rien ne va plus.

GimmeSomeTune downloads artwork and lyrics and sends them to iTunes through the Scripting Bridge. The Scripting Bridge is essentially sending Apple Events to the app you target, in my case, iTunes.

The sandbox allows Apple Events to be received by an application (without entitlements), but the application cannot send any without the temporary entitlement. When the entitlement is no longer valid, the main functionality of GimmeSomeTune breaks. Boom! Rien ne va plus.

So what it comes down to is this:

GimmeSomeTune would work right now in its current state, with temporary entitlements and hoping that Apple will never sandbox iTunes so it will continue to send notifications with userInfo payloads (which is doubtful, since iTunes is your digital hub and all, so they’ll be sure to sandbox it at some point, I guess).

But what happens if iTunes was sandboxed?
GimmeSomeTune would break, it would not know what song is playing in iTunes and hence wouldn’t download information and send it to iTunes, rendering the application useless.

And what if the temporary entitlements go away without a proper replacement API?
Again, GimmeSomeTune would break and it couldn’t send downloaded data to iTunes anymore, again rendering the application useless.

Why not just release it and hope for the best?

Sure, I could release GimmeSomeTune with temporary entitlements and hope they stay around forever or that there’ll be a replacement API for them.

But I have to consider what happens if they don’t (which is, in my opinion, 100% certain) – angry users, having paid for software that doesn’t do its job.

I am not willing to take that chance. I will wait to see what Apple comes up with.
And if there is a replacement for temporary entitlements in the works, and when I’m certain GimmeSomeTune will work with it, without the fear of having the application break at some random point in the future due to functionality that is ripped out from under it, only then can I release GimmeSomeTune with confidence and the knowledge that its users will be able to actually use the app.

And I believe this is the right choice.

Sandbox at its finest

Would you like an example of what kind of apps are completely unsupported in the sandbox environment?

Applications that change developer-signed files inside of app bundles that are a) developer-signed and b) running in the sandbox environment.

May I present the worst case Scenario: PresentYourApps

Some of you may know this little app of mine. PresentYourApps lets you hide the menu bar and / or dock for applications you specify, making more screen real estate available. Or at least, it _let_ you.

On OS X Lion, it works some of the time, but I highly discourage you from using it on that system, and I will take down the download link in the next couple of hours.

I discourage you, because it breaks apps you use it on.

I got an e-Mail from a user who tried it on Preview.app on Lion, and after he restarted Preview.app, it crashed on launch. Luckily, PresentYourApps keeps backups of the file it edits, so the user could make Preview.app work again, but it was scary.

Well, PresentYourApps has been long overdue and begging for an update, but because of these circumstances, I decided to discontinue working on it altogether and remove it from my website, since it will do more harm than good on Lion systems.

If you have any thoughts regarding all of this, or GimmeSomeTune especially, please be sure to leave a comment or contact me in any other way!

Thank you kindly for reading,
Take care,
Matthias


Photo credit: geeky-gadgets.com

iCloud is a big deal for me, and, I believe, for lots of other developers out there as well. Syncing data has become a lot easier with this new service and the according APIs. I once took a glimpse at the MobileMe syncing APIs and my head still spins a little.

What does it mean for flickery?

I’m still thinking of the implications for flickery. I got some nice ideas from users of flickery on twitter and I’m already looking into what is possible and makes sense in terms of flickery.

I could see flickery syncing the items yet to be uploaded or looking into iCloud’s photo queue and offering an option to upload those items or at least present them in some way in flickery’s upload view.

What does it mean for ScreenFloat?

For ScreenFloat, in a nutshell, it will sync your shots between your devices (I don’t know if an iPhone/iPad version of ScreenFloat is useful, but I’m certainly entertaining the idea of having the shots on, say, your iPad, as well).
It will sync which shots are currently open and floating, which are hidden, which are in your shots browser, it will sync your categories in your shots browser, and their contents.

This is something I wanted to do from the beginning and I’ve been looking into services like DropBox to implement it. Now with iCloud (and yes, I realize it’s still a few months away) it’s even easier, faster, more reliable and more secure to implement.

What does it mean for GimmeSomeTune?

I don’t believe GimmeSomeTune could have any advantages of iCloud in terms of sync. If you find one, leave a comment or write me an e-Mail 🙂

Upcoming Stuff?

I have an upcoming app where iCloud will be perfect and will replace a server-client environment with tedious networking stuff. Stay tuned on that 🙂

[Update (18.06.2011)]

My good friend and honored developer colleague Christian Kienle wrote about the impact that iCloud may have on his applications on his blog.
It’s an interesting read, especially if you’re interested in how you will benefit from iCloud in the near future.


Another WWDC keynote has come to an end, and boy, what a keynote it was. Those guys at Apple surely don’t fool around!

I really hate to have missed this year’s WWDC. There’s lots of new stuff to be discussed there, and while I will download the session videos once they’re available through the Apple Developer Center to developers, it’s still a completely different thing being there, conversing with other people, sharing and exchanging ideas and thoughts and getting to talk to Apple Engineers.

I’ve attended WWDC two times in the past, ’06 and ’08 and I’m so glad I joined in on that experience. I can’t wait to go again, and I’m sad I wasn’t able to this year…

Now let’s get down to some business and talk about some of the new stuff shown at the keynote.

Lion.

We didn’t get to see a whole lot of new stuff on Lion during the keynote. Most of what they showed was discussed earlier already.

In-App Purchases, Delta updates.

A great new thing is in-app purchases (if the thing with lodsys is settled anytime soon) and delta updates.
With delta updates, unlike “usual” updates, where the old application is replaced by the new one which is downloaded completely, only changes in the software bundle will be downloaded and written over the outdated parts. A huge win in bandwidth limits, speed and convenience.

Autosave, Resume.

Things we’ve already seen include autosave and resume. Both huge features in my book because, YES, why would we have to press cmd-s if we have a computer to do it for us automagically and YES, an application should start off where you last left it.
It’s just common sense and if Apple wants to remove the file system, it’s a no-brainer.

Mission Control.

Just one word – awesome 😉 It’s a great evolution of Spaces and Exposé, both features I use profusely and couldn’t imagine living without (although I use it slightly less since I’ve hooked up a Cinema Display to my MacBook Pro as a second display).

Launchpad and fullscreen apps.

Launchpad, well, it’s just a logical step if Apple wants to get rid of the file system as we’ve come to know it.

Fullscreen apps sounds like something I wouldn’t use too often, but who knows, Apple has made it very easy to switch between fullscreen and non-fullscreen apps with the swipe of a few fingers, so with time, I might come around. Right now, it feels kind of unnatural to me.
Going fullscreen was something I did for a short period of time in an app (run a slideshow, go through photos in flickery (shameless self-advertisement, I know), etc.), not something I’d work in for hours.

General thoughts on Lion and later releases.

I think it’s painfully clear where Apple is heading with Lion and subsequent iterations of Mac OS X – away from a file system based operating system to an application based operating system.
Documents will no longer be stored in folders inside folders inside folders but inside the applications they belong to, which, if you ask me, makes sense. To open a document, you don’t need to navigate to the document in Finder but just open the according application and choose the document there, as seen on the iPad with the iWork apps.
There might be a way to still access the file system (kind of like how the Terminal is for users who’d like to access the underpinnings of OS X) but for most of the users, they won’t need to.
A friend on twitter (@freeridecoding) said something that struck me as possible – that Lion will be the last Mac OS that is separate from iOS.

iOS 5.

What can I say except “Boom”? iOS 5 will be a great new release. Here’s a few features I’m excited about (since everything not in the keynote is under NDA, I can only talk about end-user features)

Notification Center.

About time. I’m glad they hired that jailbreak-software-guy, since he obviously knows what he’s doing.

iMessage.

Nice idea, but I’d like to know how they handle SMS now. Is it a different app? Will I have to remember what contact of mine has an iOS device with iOS 5 so I can use iMessage or if they have a, say, Nokia and I have to use the SMS app? Does the iMessage app do this for me? Figure out what device at the other end of the line and send either an iMessage or an SMS?

Reading List.

Great new feature, love it. I’ve been using a bookmark folder and MobileMe Bookmarks Sync for that functionality, but now it will be simpler. Very nice.
Not so nice for a certain developer of a certain Instapaper app. To quote him: “Shit.” (@marcoarment)

Twitter Integration.

I’ll have to see if this will replace any other twitter app for me. I’m guessing no.

Reminders.

This is an idea I had been thinking about for a few weeks (especially the location-aware tasks.) Too bad for me as a developer, I guess. Great for me as a user since this will be the first to-do list I’ll be using.

PC Free.

Finally. There’s nothing I’ve been loathing more than having to physically connect my iPad or iPhone to my Mac just to update the system software.

Sherlocked.

I just wanted to let you in on my thoughts about this. You might have heard this term on twitter or the general web. My understanding is it refers to a search app in OS 8 times called “Watson”, developed by Karelia Software. They wrote that software, released it and some time later, Apple came out with their search software for Mac OS 8.5 called “Sherlock” which was more or less an exact copy of Watson (which put Watson out of business, more or less, but Karelia Software is still doing great). This is where the verb “sherlocked” comes from.

Apple has done this a couple of times before, one of the earliest with the system 7 menu bar clock, where they copied an independent software developer’s idea and app.

Sometimes, Apple has the decency to buy things instead of just stealing them – like CoverFlow, but sadly, that’s not the case very often.

I think this is “below all pig”, as we say in German (which means an effin’ outrage! ).
I don’t like this. Affected developers obviously have no idea that they’re going to get sherlocked and if their application in question is their only source of income, this can put people and families at risk.

So I’d like to see Apple buy things instead of stealing them, but that’s probably quite unrealistic. I guess it’s an occupational hazard – developing for Apple devices more so than for any other’s.

iCloud.

iCloud is the new digital hub. It used to be iTunes, your local machine. Now it’s the cloud, and I do think it’s the way to go. You want your data everywhere, without having to manually copy files over. You want changes instantly populated to your other devices, so you can work on any device whenever and wherever you want. This is great!

For me, personally, Lion and iCloud are what I’m most interested in now. I’d been hoping for an easy way for developers to sync their users’ data amongst devices, and now with iCloud, we have it!

It will be interesting to see how iCloud develops, especially if it would be possible to share sync’ed data with other users of iCloud for, say, collaborative features. That would be a great next step.

Conclusion.

I have yet to install and try out any of this, I’m currently working on an external project with a deadline due very soon and I just haven’t got the time to install all this new software until the deadline has passed (and I hopefully complete the project, hehe), but I’m looking forward to trying all of this!

In summary, this is what your typical user and most developers (including me – this is me, by the way 😀 ) looked like while watching the keynote:

Before the keynote: [image]

During the keynote: [image]

After the keynote: [image]

On the other hand, some developers looked like this while getting sherlocked:

Before the keynote: [image]

During the keynote: [image]

After the keynote: [image]
