Catching up on my podcasts, I came across the following exchange in "Security Now!"
with Steve Gibson and Leo Laporte. CoffeeFiend may find it especially interesting, as he's suggested that, post-Windows, Apple would be his first choice. (Emphasis added.)
Steve: ...And I did pick up a little security news that Apple has postponed their enforcement of app sandboxing, iOS app sandboxing. So Touch, Phone, and iPad. It was going to go into effect around now, but they're moving it back to March 1st and then saying we're not moving it again. Now, the problem is that this is - it's a mixed blessing. It is an enhancement to the security of iOS and of all iOS apps at the inevitable cost of features. So developers are not happy and have not been implementing Apple's sandboxing because it is restricting. It's restrictive and restricting some things that they would like to be able to do, reaching out of their own file system zone in order to --
Leo: It's actually, Steve, it's worse than you think.
Leo: It's not iOS, it's the desktop. They're talking about all apps sold in the Mac App Store. And I understand your confusion because you don't use an iPhone.
Leo: They're not talking about iOS. That's already implemented. They're talking about in the App Store for desktops. So it's really kind of a shocker. And it's something I'd actually been worried about for some time because, while you can still, and always probably will be able to - well, I shouldn't say always - for the time being be able to sell apps outside the App Store, there's so much convenience and value to buying apps in the App Store that I think a lot of users have moved to the App Store. So what Apple's now saying, they've said all along no demos, no betas. What Apple is now saying is, if you want to --
Steve: I'm stunned.
Leo: I'm stunned, too. If you want to sell apps in the App Store on the desktop, your apps must be sandboxed. We've talked about this on MacBreak Weekly. I think the iOS-ification of the desktop is where Apple's headed.
Steve: Oh, yeah, as I said, with the inevitable loss of features. Now I'm stunned.
Leo: Can you imagine an application that cannot write to the file system?
Steve: Holy moly.
Leo: I truly believe that Apple's intent is to get everybody using its desktop computers to essentially be in an iOS-style state. It will be undoubtedly secure. And I don't, at some point, I don't understand how the transition's going to occur because of course you can still - I can buy an app that can write to the file system and for the time being will continue to. At some point, for this to make any sense, Apple's going to have to turn that feature off and say, just as on iOS, you must buy from the App Store, unless you jailbreak it.
Leo: Am I wrong? If you sandbox, does that not mean that you cannot write to the file system? Isn't that what that means?
Leo: I think what's really happening, and I think - now, with Steve [Jobs] gone, this may change. There are already some changes happening. And I think that this was a Steve. But with Steve gone, some of this is up in the air. But here's what I think they were headed towards: making, essentially making - and by the way, Microsoft's kind of doing the same thing with Windows 8 - making the desktop essentially an iOS, which is more secure, more controlled. I suspect Apple's apps, just as on the iOS, Apple's apps can do things that other people can't, because we trust ourselves, I suspect that what this does is pushes you - and Apple's always wanted this - into Apple apps. Apple would like you to buy only Apple apps...
Leo: ...I think what will happen is that people who want a full operating system will have to migrate somewhere else.
The following provides some background:
Leo: Now, the question is also how Apple implements sandboxing. We're interpreting it in the most draconian, strictest form. And I'm looking at what they do right now in OS X Lion, and they do allow an app, for instance, to write to the hard drive. But they have to go through Apple's dialogue box to do so. They can't examine other people's files. In other words, it's almost like application-based permissions.
Steve: Yes. I'm looking at something here, it says, "To then meet the program's needs, the developer includes a sandbox rule called an 'entitlement.' That allows the program to access the needed resource defined in that entitlement. The entitlements are managed by Apple, and thereby allow Apple to centralize how sandboxed programs can access resources in OS X."
Comments? As Steve and Leo say at another point, soon Linux will be the only place where people who want to tinker with their OS can go.