Sandboxing? No, thanks!

Mac app sandboxing was to become mandatory back in November last year. According to Apple this is a piece of technology destined to protect app users: "Sandboxing your app is a great way to protect systems and users by limiting the resources apps can access and making it more difficult for malicious software to compromise users' systems.".


From my point of view, sandboxing in the Mac is wrong. Sandboxing is going to affect both application developers and users if Apple ever makes it mandatory for Mac App Store applications. It is already making developers simplify their software, making it less attractive and useful to users, frustrating both.

Mac App Store rules have already prevented many good apps, particularly utilities, from being sold through it. This is likely the case of apps like Hazel, Carbon Copy Cloner, AppZapper or iStat menus, and certainly the case for our own Xslimmer and Clusters, among many others. To cope with the rules, some developers have created partially crippled versions of their apps in order to comply with these rules. Some have even adapted their product to those rules, even if it meant reducing its functionality.

Sandboxing restricts apps even more. Applications cannot directly access files, networks or devices outside their own sandbox. While this might help in preventing malicious software from accessing the user's data, it also forbids many good apps from doing what they are designed to, and prevents them from interacting with each other like they currently do. For example, in Snapshot, our photo printing app, we use Karelia's iMedia framework. This library allows Snapshot users to access pictures from apps like iPhoto, Aperture or Lightroom. To do so, iMedia reads the preference files of these apps and determines the location of their photo libraries. Reading other apps preferences or accessing their content is no longer possible using a sandboxed app. Should we have the user search for the pictures through the file system instead of offering them directly like we do now?

Apple is trying to make the Mac sandboxing work. They are implementing new entitlements, APIs and even exceptions to make it a little bit more convenient for developers to adopt the technology. However, except for keeping access to the MAS, developers do not gain anything by doing so. What's more, adapting existing apps to the sandbox is far from easy, and, in many cases, it is impossible to offer their complete current functionality. In addition, it makes the application submission process more complicated, as entitlements and exceptions have to be justified. Apple explains: "If your app requires access to sandboxed system resources you will need to include justification for using those entitlements as part of the submission to the Mac App Store. Apps that are being re-engineered to be sandbox compatible may request additional temporary entitlements. These entitlements are granted on a short-term basis and will be phased out over time."

With the announcement of Mountain Lion, we have been surprised with a new technology called Gatekeeper. This is a different, newer technology to prevent downloading and installing malicious software. It allows the user to select the level of safety they want: run all apps, run MAS apps or run MAS apps and those signed with a developer ID issued by Apple. Users can even temporarily override secure settings by Control-clicking, and use any app at any time. So, the user is in control and developers do not have to make any major changes to their apps.

So far, Apple has had to delay the MAS mandatory sandboxing deadline twice, and the last time, it has even relaxed some of the rules. I hope that when June comes Apple kills the sandbox completely, and when it does, it does so in favor of Mountain Lion's Gatekeeper. For well-behaved developers, it would mean to keep working as before. For users, it would mean to keep enjoying fully functioning, well integrated apps, and yes, this time, in a more secure fashion.

--
Other articles on the same topic:

The App Culture

OS X Lion Sandboxing Is A Killjoy Destined To Ruin Our Mac Experience

Mac App Store Sandboxing Requirement Pushed to March as Uncertainty Looms

Real Security in Mac OS X Requires Apple-Signed Certificates

Sandboxing and Clipstart

Between a rock and a hard place – our decision to abandon the Mac App Store

Why the Mac App Sandbox makes me sad

Sandboxing

Think sandboxing will stop malware? Here's why you're wrong, Apple

Mac OS X 10.7 Lion: the Ars Technica review

Developers React to OS X Mountain Lion

Announcing Lab for iOS

It is been a while since I last posted here. I am happy to do so to announce our newest product, Lab. Lab is an app that I wanted. I found myself often wondering when and where this or that picture on my iPhone was taken. So, now, using Lab, you can get detailed information about the picture in your iOS device's photo library. That way, you don't need to transfer your photos to a computer to find out details about your own photo library. Sporting a gorgeous design, Lab is the perfect complement to your iOS device's photo album. Using Lab you can:

• Find out the resolution and size of your photos.


• Let Lab remind you when and where a picture was shot. The location, when available, will be displayed for you in a map.


• Examine advanced info including histogram, exposure and shooting details, right in your device.

Lab 1.0 is available now for iOS 4 in the App Store. If you like to take photos, give it a try for just $0.99. We hope you like it.

iPad: 7 Things to Love, 7 Things to Improve

To Love

Size. If there is something I like is to be able to use the iPad practically anywhere. I am writing this on a plane where it would be hard to fit a laptop, given their "fit as much people on an aircraft as possible" policies. The iPad fits nicely and allows me to get the job done. It is very portable and you do not even need to take it out on security controls.

Screen. Colors are vivid, resolution is nice and the overall usage of the screen is a joy. At 768x1024 pixels games look great, but almost all other applications can benefit from the screen too. Sketches 2 has even more potential here than on the iPhone given the screen real estate.

Sound. Due to its thin size, I was not expecting to get good quality sound. I am glad I was wrong. For my ears, the speaker on the iPad is practically of the same quality of those on my 2007 Macbook Pro.

No heat, no noise. On most laptops, and computers in general, CPU or graphic intensive applications cause the temperature to raise. In the case of laptops on your lap, it can get uncomfortable. But it is not only that, raising temperatures imply heat dissipation mechanisms, which are normally noisy. Not with the iPad. Even while playing games, the iPad is cool and quiet.

Battery life. You can play games, watch videos, listen to music, browse the Internet or whatever you like to do. The battery will last for at least 6-7 hours. In my experience, it can even surpass the 10 hours of the Apple specifications. Amazing.

Instant on. Casual use feature never one. No waiting for your computer to boot up. Want to google something? Grab the iPad fire Safari and surf away. Look up an article on Wikipedia? Play a game? Same thing.

Safari. If there is a killer app that comes already installed in this device, I would say that is Safari. Browsing the Internet with this is a joy. It was not long ago that many Internet sites read "this site looks great at 1024x768". Here you have it in the palm of your hands.

To Improve

Memory. The iPad has 256Mb of RAM, the same as the iPhone 3GS. I find this the weakest point of the iPad. Checking the crash logs, running out of memory is the primary cause for most of them. Having much higher resolution than the iPhone, this is not strange. I would have guessed that Apple had placed at least 512. Maybe on the next version.

Weight. Obviously, at 1.5 pounds (680 grams), it is much lighter than a laptop. However this machine is supposed to be easily held with your hands. Reading a book or playing a game can easily get tiring given the heaviness of the device.

Battery charging. If you connect your iPad to your computer it will take a while to get it charged. In my tests 5 hours did not get me a full charge. Fortunately, the charger included with the iPad, even with the same size and aspect of those of iPhone and iPod, is more powerful, so it is able to speed the charging process. Still long.

No protection included. With such a big screen, the iPad can easily get harmed if unprotected while traveling or if handled carelessly. A simple cover to protect the screen would have sufficed to keeping the screen safe in most situations.

Screen becomes dirty. Oleophobic or not, the screen easily gets full of fingerprints. This is not much of a problem while working with the device, but does not look good when the screen is off.

iPhone Apps. I am glad that I can run iPhone apps on my iPad, don't get me wrong, but they do not look good. At 1x apps look too small, at 2x they look pixelated. I believe we could see a better 2x mode in the future.

Mail app. While email look good, navigating between accounts takes several steps. In addition, there is no mail list while reading your mail in portrait until you hit the email list. Then, there comes a popover, you select a new message, the popover goes, and you have to repeat this process again. Personally, I want to be able to switch messages and accounts quickly independently of the device orientation.

Conclusion

Overall the iPad is an amazing machine, more taking into account that this is version 1.0. These are just some of the small things I would like for Apple to improve. However, I must say that I am very happy with it both as a user and as a developer.

Written on an iPad, using Pages.

Sketches 1 and 2: Two Products in the App Store

As some of you might already know Sketches 2 is available on the App Store. Also, the original Sketches is still available as a different product.

When Sketches was created, it was a simple drawing application. It had no menus, no color or line width selection, or anything else. You were able to draw using a red line of fixed width. When the application was closed, it stored the document. When the device was shaked, the drawing was erased. With each new update, thousands of downloads occurred, a clear indication that there was interest for such a product.

In version 0.3 of this jailbroken world, we added several options to choose color and make some simple geometric shapes using the multitouch capabilities of the iPhone. This version was a big push, and made Sketches even more popular.

When Apple announced the SDK, along with the App Store, Pedro and myself seriously considered the idea of making this our way life. For several months we worked in making Sketches a more complete product, while converting it to the official SDK.

On July 10th 2008, Sketches was among the initial group of apps to make it into the store. It was also featured on Ars Technica and promoted by Apple in the European Union. For us, it was a big success. We made $150,000 during the first three weeks of sales.

During the next months we worked on adding the features we had originally designed for version one, while resolving any bugs that appeared. We added text shape creation, tooltips, additional stamps, web sharing, improved image flattening, fixed memory issues, fixed map rendering issues on certain locations, improved mail sending of drawings, added ink opacity options, added corkboard rearrangement, improved zoom, improved saving performance, etc.

At the same time, we received many different requests to make Sketches a more professional product, featuring an advanced color picker, transparency, brushes, more zoom and so on. As we designed these features, we realized that the existing UI was not able to hold them. In addition, we would need to change the way things are done to fit this new functionality (for example, a progressive zoom that worked like in the photo album would need the shape placing mechanism to be changed). Finally, we were taking little advantage of the new 3.0 SDK functionalities. It was time to move onto version 2.

When we designed Sketches 2, we decided to make it 3.0+ only, and to change the menu system, looking to achieve 2 things:

• 1. Be able to work while having the menus open, so you could change the ink color or other options without having to reopen the menu every time.


• 2. Keep the original simplicity, while adding the advanced options
  
  
  
  
  
  
  
  

(example of Skeches UI evolution)

Once the product was almost ready, we saw that the changes were many, and made it a different product, with different usage. So, for the time being, Sketches 1 and 2 are going to be living together in the App Store. We probably could have called them something like "Sketches" and "Sketches Pro" or "Sketches Classic" and "Sketches Advanced", but we liked "Sketches" and "Sketches 2" better.

We did not want, however, to forget those users who welcome change and are looking for the new Sketches 2 features. So, for a few more hours, we are still promoting Sketches 2. The promotional price is just $1.99. Take advantage of it!

For us, it is time to get Sketches 2 onto the iPad!

LateNiteSoft Contribution to Haiti Relief

Unfortunately, it seems that only through big tragedies we are able to gain perspective on our lifes, and are reminded how extremely lucky we are that our families are healthy and safe.

As we were talking about this during lunch, our twitter stream showed a couple of great help initiatives from the Mac and iPhone communities. The guys at OmniGroup are donating more than $45,000; Mike Piatek-Jimenez will donate all proceeds from Seasonality for the rest of the month; Daniel Jalkut and others are calling for action on an initiative being put together by Justin Williams. We decided to adhere to Justin's idea, but we thought we'd also like to do something by ourselves.

Although we are not able to provide such a substantial up-front help as OmniGroup's, we thought we could just keep half of our income from the sales of Sketches (versions 1 and 2) during one week, and donate the other half to a non-profit aid organization. If you like our products and would like to help us on this, please consider buying Sketches or Sketches 2 now.

On a personal note - since we created LateNiteSoft, I have frequently considered how lucky I am to enjoy the best job I could ever dream of. However, I also get anxious or sad about work issues or personal situations, and those feelings sometimes obscure the rest. I will try to approach the future with a better scale, to be permanently aware -and not just during a crisis- of how mundane and small my problems really are. I hope this resolution, my only one for 2010, will make life a bit easier for those around me.

Update: We finally donated $1510 to Save the Children. Thanks very much everyone for helping us with this!

Xslimmer 1.7 now available, fully compatible with Snow Leopard

Xslimmer 1.7 has just been released! It supports 64-bit binaries, honors code signing rules, is able to handle and create native HFS-compressed files and adds many other improvements that will continue to provide a worthwhile and reliable experience to Snow Leopard users (as well as to all others that choose not to upgrade to the latest OS yet). Read on for the gory details!

Universal Binaries are so 2008, aren't they?

Well, unfortunately they are not. Or, should we say, fortunately they are not. Universal Binaries were a key technology that allowed Apple to transition from PowerPC to Intel CPUs in the most awesomely flawless technology adoption ever. The same Universal (or, as they are affectionately called, "fat") Binaries are being put to work again to ensure that Snow Leopard and its apps run flawlessly in all compatible Intel machines, including 32-bit and 64-bit ones.

So instead of packaging binaries in a bundle that contains PowerPC and Intel versions of the code, it will now become usual for developers to provide the 32-bit and the 64-bit versions of the same code. The 64-bit version will be used in 64-bit computers, whereas the 32-bit code will run in CPUs that are not able to handle 64 bits. There is no magic way for the system to transform one into the other, so no matter what computer you have, chances are many of the apps you install will contain code that will be ignored and never will run.

But it gets more interesting! Snow Leopard is truly awesome, but there is no reason for developers not to support Leopard if they can. True, some apps will take advantage of Snow Leopard exclusive technologies such as Grand Central Dispatch, OpenCL or some other new APIs; however, many others won't need these innovations yet and will still support Leopard. But Leopard does run on PowerPC machines, so developers should include a PowerPC version of the code if they want to support the same hardware requirements as the OS. As a result, we are starting to see applications that include not two, but three architectures: Intel 32, Intel 64 and PowerPC. This is the case for some very popular apps such as Tweetie for Mac or the latest version of Apple's own Airport Utility.

Xslimmer was designed to handle these situations, and it has now been tested and optimized for the scenarios above so it will always keep the best version of the code that is available for your Mac. If you own a 64-bit-ready Mac, then Xslimmer will preserve the 64-bit version of your applications' code - when it's available.

Won't Xslimmer break 64-bit applications? What about code-signing?

As discussed above, Xslimmer carefully analyzes your applications and selects the best possible architecture among those available. This is done in a per-application basis, and not following some batch process that blindly keeps a single combination. Analysis includes evaluation of signed resources: code-signing rules are fully honored so that only binaries that can be safely modified will be processed.

Extreme care is applied when slimming, and the operation is performed in the most friendly way. Your slimmed applications are registered again for you in the internal OS databases - your keychain authorizations are preserved, and you don't even need to restart your Mac after slimming it.

But Apple applications are already compressed!

Snow Leopard achieves significant space savings by using transparent file system compression. In fact, all system applications and utilities are installed in a compressed state, although they are transparently uncompressed on the fly without the user ever noticing. Xslimmer 1.7 recognizes and supports this type of compression: if a compressed application is slimmed, then it will be recompressed automatically. Therefore, all system applications in Snow Leopard will still benefit from additional space savings if they are slimmed, without affecting their compression status.

When running on Snow Leopard, Xslimmer will always show you the actual size your applications take up in your disk, and not the uncompressed size as reported by Finder and other tools. This way you can be absolutely sure about the savings you achieve.

We have even taken this technology a step forward. A new option in Xslimmer 1.7 will allow you to compress slimmed binaries that were not originally compressed. This way, your installed third party apps can also benefit from this awesome new HFS+ compression technology in Snow Leopard.

Ok, I'm sold - I'll give it a try!

Wonderful! We've always worked hard to prove that your choice of Xslimmer is really the best option for your slimming needs. In Xslimmer 1.7 you'll find many features designed to slim your Mac easily and with total peace of mind. These include:

Strip out unneeded localizations - As usual, Xslimmer 1.7 will remove translations you don't need, achieving great space savings.

Visual indication of architectures - Another new feature in Xslimmer 1.7, you can now see what architectures an app contains and what the resulting architecture is: Intel 32, Intel 64, PowerPC 32 or PowerPC 64.

Downloadable blacklist - for those apps that check themselves (for anti-piracy reasons, usually) and refuse to start after they have been slimmed. We test every report from other users about malfunctioning apps.

Your personal exclusion list - for folders in your disk that you don't ever want to mess with, for whatever reason.

Integrated backups - designed to let you test your slimmed apps with the confidence that you'll be able to recover them in one click.

Extreme compatibility - Xslimmer 1.7 has been fully optimized for Snow Leopard, but it will still run in Panther, Tiger and Leopard.

So, no matter whether you are a longtime Xslimmer fan or have come across it recently, now is an excellent time to check the combined space savings that Snow Leopard and Xslimmer will bring. We hope you like Xslimmer 1.7!

From Orange to Apple

Maybe the title should have been “From an Orange Executive to an Apple Indie Developer”, or simply put “Learnings After One Year as Indie”. Basically, I wanted to explain how I came to make one of the biggest changes in my life, what the motivations were, and some of the things I did learn throughout the process.

My background

So, at 39, I was a reasonably successful executive at Orange, the French telecommunications company owned by France Telecom. At that time, France Telecom had more than 200,000 employees, more than 3,000 of them in Spain. I was one of them, one of those called “Top 100”; a director in charge of Web operations, leading a group of nearly 50 people. I had a nice salary and nice benefits too.

I worked for Orange during 8 years. Prior to that, I had been working for other multinational companies, always related to technology, which was, and still is, my passion. That is also the reason why I majored in computer science. However, soon after I started working, it became clear that I could not make a living creating software, at least not the software that I wanted to make. Soon after that, I got a masters degree in business administration, and began a managerial career that some years later took me to Orange.

During my time at Orange, I started Cocoa development, a bit as a hobby. I had been developing applications, mostly games, since I was 14. Being new to the Mac, I wanted to see what Cocoa was about. At the same time, Pedro, who also worked for the same employer, had this idea about making a universal binary stripper. So he went ahead and made the first implementation of his idea as simple shell script. It worked just fine. We had been working together several years, and we knew each other quite well. When he showed it to me, I told him that I wanted to make it more “Mac-like”. I, then, created a user interface that showed the application list and an icon for the architecture. Finally, Pedro integrated the guts of his script into Cocoa. It was the birth of Xslimmer. To our surprise, Xslimmer's popularity began to grow, and with it, so did its sales.

Months later, around August 2007, we created Sketches. Those were the jailbreak days for us, as there was no official support from Apple for third party applications. Interest for it skyrocketed, and for every new update there were hundreds of thousands of downloads. Some months later, Apple announced the SDK and the App Store. It was clear that there was an opportunity.

The change and its motivations

So, my day job, family and other responsibilities were taking most of my time. I felt stressed, and drank a lot of coffee. I had a gut feeling that the time was coming to make a change. As opposed to what was clear to me in the early 90‘s, Xslimmer had taught me that it was possible to make a living on selling software that I had created. And the App Store was coming.

At that same time, Orange was starting to feel the pounding from the world's financial and economical crisis, and had bad forecasts for the future. As it had happened in several occasions before, and in preparation for the crisis, there was a management reshuffle. I was offered the IT Project Management Direction. The job was for sure interesting, but my head was somewhere else. I needed to pursue my dream of creating my own software company, one that would make software I wanted, and I knew that the time was then.

I left Orange, on July 4th, 2008. Exactly one week before the App Store went life.

The learnings

After one year there are a few things I have learned, that might deserve sharing:

App Store success is temporary. I compare it to the music industry. While you are on the top chart, you sell; once you are out, your sales level is much, much lower. In our case, Sketches did great for a couple of weeks, reaching Top 12 in the US for a while.

Apple listens, but it takes them a while to react. During the iPhone SDK beta testing, we wrote several bug reports - it sometimes took several weeks, but they were all answered to, and most fixed. Once the App Store was live, I wrote an article a while back that included several suggestions for improving the App Store. Most of the things that I wanted changed are now changed. For example, allowing only users of the application to voice an opinion and rating about it.

On marketing, experiment and follow your instinct. During this year we tried different things that did not work out. From joining other developers to create an “Apps Gems” site, to purchasing online advertisement. We were new to those types of actions. However, simpler, and cheaper, tactics did work out quite well. Twittering, blogging or simple press releases did much more than any expensive advertisement. I obviously need to learn more on this.

Get help for your paperwork. Administrative stuff and taxes is unavoidable. You just have to do it. We have a small accounting company that takes care of filling up the necessary forms and that keeps the accounting information for us, but most of the work, you still have to do. You have to process those PayPal reports, you have to process those iTunes Connect Financial reports, you have to scan all the invoices you receive, and so on. But having help from a third party places some routine to it, and ensures that you will meet the necessary deadlines.

It is not all fun, but automation helps. You cannot start new products all the time. You have to take care and nurture your existing products, so that your customers realize you actually take them seriously and are committed to making them better and better. Your customer base demands time too. Customer support takes a good chunk of your time. The more products and the more sales, the higher the number of customer support requests. I would say that around 2% of sales translate into customer support requests. Most are very simple, but some are not. The solution is to try to automate things as much as possible. From self service (recover your license) to email templates, all helps.

Working at home is harder than I thought it would be. This is not because of a lack of discipline, but, in my case, the environment is really noisy and busy during the day. I found myself trying to work while being interrupted. Being used to code at night, this was really hard for me. We ended up renting a small office, just a few days ago.

There are more things in life than just work. For a couple of months, I believed Pedro had lost interest in our little software start-up. One day he explained to me that he was ending his 15-year-old marriage. It took a while for him to reorient his life, and, as a result, we deviated from our scheduled workplan, and part of our initial inertia was lost. However, now I try to spend more quality time with my family, while keeping a more flexible philosophy about how to spend my time. For example, last week I took the afternoon off and spent it having fun with my family. What's more, I did not feel guilty or time pressured about it.

You can do all those things that you never could. Now there is no excuse. It is just a question of organizing yourself. In my case, I wanted to lose weight. That is hard to do when you spend a lot of time traveling around, eating sandwiches at meetings or while preparing presentations at 2AM. But once you are the owner of your time, it is. I lost 20Kg (44 pounds) from September to December last year.

The dream

So, now what? Well, when I think of what I want to accomplish in the future, I do not think of creating a huge company with many employees, controlling the world’s software market. My objective at this point in time is to create a company similar to Panic or the Omnigroup. These companies keep the indie spirit, while having some specialization and some size, so they produce quality products while providing a quality service, as their employees can dedicate most of the time to what they do best.

So, for LateNiteSoft 2.0, and if our numbers allow for it, my intention is to hire an enthusiast support/webmaster/marketing person, as the first non-founder employee. Then, where we go from there remains to be seen, but I am sure it is going to be both interesting and fun.