Slashdot Mirror

Look at Apple's Q&A on this topic:
http://www.apple.com/pr/library/2011/04/27Apple-Q-A-on-Location-Data.html

You can also look at their support page on location services:
http://support.apple.com/kb/ht1975

Notably, the first link says: "These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Apple's implementation is different than Google's and Skyhook's, particularly as it relates to how a phone estimates its location from the visible APs, but its still sending geotagged MAC addresses up to a mothership.

Your absolutely right that a cell phone doesn't need to use wifi to get an estimate on where it is. But, as I said before, wifi triangulation is much, much more accurate. That's not necessarily a big deal if you're just using it to assist GPS, but it might be if you're using it as an alternative to GPS (for instance, if you're using an iPod touch, or you're inside a big building and can't see GPS satellites). Apple's Q&A says the iPhone will use geotagged wifi information from their database in addition to cell tower information.

My iPod touch is not figuring out where it is based on IP address. If you turn on location services in the settings its using the geotagged wifi database. That's how its able to pinpoint your location to around 100 meters or so. There actually seems to be a bit of an inconsistency between the two Apple pages. The first one makes it sound like the iPhone has its own cache of geotagged APs, but the second one points out that the iPod Touch needs an active Internet connection to work. I've noticed that on my iPod Touch. That implies that its sending something up, and getting a response back. Maybe the iPod just passes up the MAC addresses of visible APs, and it gets back geotagged MAC addresses, and does the triangulation computations on the iPod.

I don't understand what point you're trying to make in your second paragraph. You're right that Apple devices don't auto connect without user authorization. That's true, but irrelevant. iOS devices can certainly see the MAC addresses of visible APs without connecting to them.

If it's so easy, then why does Apple state that "MacBook, MacBook Air, and MacBook Pro models with built-in batteries should be replaced only by an Apple Authorized Service Provider, Apple Retail Store, or Apple Service Depot"?

Actually, I have Apple hardware (among others) but prefer Java for most development (since I do use Windows, Linux and OS X as I stated, and Java covers it all).

No, Java doesn't cover it all.

To save people the trouble of clicking the above link to developer.apple.com, I will quote the relevant text here:

"As of the release of Java for Mac OS X 10.6 Update 3, the Java runtime ported by Apple and that ships with Mac OS X is deprecated. Developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X."

So Java works everywhere... except maybe Apple.

Somebody else already addressed the open source issue. As for the "bad user experience" thing, Apple can validly claim it's for the user experience just like Google can. Just read Jobs' Thoughts on Flash. After Adobe is making moves to abandon Flash, it actually makes him sound spot on.

Now why should you give Google a free pass, because "Google knows best"? They said they would open source it, they didn't. They used an excuse Apple uses all the time -- an excuse that is at least plausible, though it isn't one I accept from either company.

apple's webkit is just a fork of KDE's KHTML

Seems to me like you're the one trying to rewrite history.

http://opensource.apple.com/

The depth of delusion on Slashdot surprises me to this day.

Anybody who's used Chrome or the web browser on Android has benefited from Apple's work on WebKit. But the zealots will try to rewrite history on that too.

http://opensource.apple.com/

The depth of delusion on Slashdot surprises me to this day.

Anybody who's used Chrome or the web browser on Android has benefited from Apple's work on WebKit. But the zealots will try to rewrite history on that too.

OpenSource for other projects, but not in the development of any of their products. Not if they could help it anyway.

http://opensource.apple.com/

The depth of delusion on Slashdot surprises me to this day.

Anybody who's used Chrome or the web browser on Android has benefited from Apple's work on WebKit. But the zealots will try to rewrite history on that too.

"Every thing they do is so closed and exclusive. They never extended a hand to the open source community."

I'm sorry, you're terribly confused. Or a troll:

http://www.opensource.apple.com/

http://en.wikipedia.org/wiki/Darwin_(operating_system)

http://www.webkit.org/

http://techcrunch.com/2010/11/12/apple-joins-openjdk-to-open-source-mac-os-x-java-technology/

http://alac.macosforge.org/

Etc.

A.

http://opensource.apple.com/

I have an iPad and I use Takenote. I like that it allows me to write freehand, draw shapes, type into text boxes, and does minor page layout work (e.g. moving and resizing components). It's also good at organizing different notebooks with multiple pages and named sections and bookmarks.

As it happens, I might know where to find Daleks and Cybermen. But think: has The Doctor taught us nothing? How many times have we seen minor megalomaniacs and rubber-suited monsters attempt to involve more dangerous beings in their conquests only to find themselves hopelessly out of their depth when the chips were down? Remember the Felinian Globulons of Tabulus 3? No? That's because they never made it to Doctor Who -- the Daleks killed them all, then the Cybermen repurposed the bodies. Seriously, you're better off sticking yourself in the Pandorica now, and planting something 10 years in the future to wake you up. By that time, the movie will be a distant memory available only through the TARDIS databank, or IMDB..

A look on Apple's discussion forums revealed a lot of people really liked Wacom's bamboo stylus for the iPad or iPad 2:

http://www.amazon.com/Bamboo-Stylus-for-iPad-CS100K/dp/B004VM0SE6/ref=sr_1_1?ie=UTF8&qid=1321380108&sr=8-1

As long as it feels enough like writing with a real pen and doesn't fall apart, I think this could work great combined with software like Note Taker HD:

http://itunes.apple.com/us/app/note-taker-hd/id366572045?mt=8

Do they keep it?

I'd assume they keep, or at least keep consolidations of, the voice data to help improve Siri's recognition and responses.

Maybe they don't know, but it seems people keep forgetting that Siri is a beta. When was the last time you saw Apple release a beta to consumers? I wouldn't be surprised if we saw Siri on EVERY Apple device in a year. The 4S users are just the beta users-- they get to stress test the system, see where people poke it for security holes and generally do things that a beta testing group is supposed to do.

After the beta period it goes into wide release, and you have Siri on every Apple device, probably addressable by different names. I wouldn't be surprised if we eventually saw Siri licensed out to other device manufacturers. It won't be long until I'm barking at the coffee maker in the morning.

"Siri, Tea. Earl Grey, hot."

"Sorry, you're no Picard."

So turn it off : "If you wish to use Voice Control while you are not connected to the Internet, turn Siri off from Settings > General > Siri. Make sure to turn Siri back on when you have Internet connectivity and you wish to use it again."

How long until they crack the unique ID generator and create viable clones of existing phones?

Probably about the same time they fix the problem of simply going with HTTPS to make sure it's valid: "So basically all we had to do was to setup a custom SSL certification authority, add it to our iPhone 4S, and use it to sign our very own certificate for a fake “guzzoni.apple.com”. And it worked : Siri was sending commands to your own HTTPS sever! Seems like someone at Apple missed something!"

Expect to see iOS 5.0.2 by Thanksgiving fixing this Siri "bug"

I'd love to see a port of Celestia on my iPad.

Similar to Celestia is GoSkyWatch, which happens to be a free app.

It does the VR overlay things while looking up through it at the sky, highlighting objects of interest. It can also be used as a 1st person camera view you move around. It's similar but not exactly like Celestia.

http://www.gosoftworks.com/GoSkyWatch/GoSkyWatch.html
or http://itunes.apple.com/us/app/goskywatch-planetarium-for/id364209241?mt=8

You say that as though people care!

People should.

Did you know that the iTunes license disallows installation on non-Apple branded machines?

No it doesn't. http://images.apple.com/legal/sla/docs/iTunesForWindows.pdf

Lion's 16% installed base is NOT bad after only 4 months.

No? $29.95 for all your machines? Sounds like a bloody bargain to me -- seriously, it does. Saving a measly $29.95 as compared to 250 new features for your Mac? Some of which, like resizing windows from every edge, and improved gestures, and better networking, to name just a few, are highly desirable. Also, you don't even need media -- you can just download the thing. Instant access, amazingly low price, extremely generous licensing, lots of new features. Sounds awesome. So why not upgrade?

How about because.... Lion breaks a whole lotta stuff (like, every PPC app and driver anyone ever owned) on top of what Snow Leopard broke ? Oh yeah. That would be why. :o)

Also, that's why there are nearly twice as many people still using Leopard (10.5.8), at about 30%. Because Lion is a lousy release on top of another lousy release: Snow Leopard. This is true even though if they upgraded today, they'd get those 250 Lion features plus the Snow Leopard features.

Look, both Snow Leopard and Lion are fine: if you're a new user and you will only buy new, compatible software. And that, no particular surprise, is the demographic that will make Apple the most money. But if you've been with them for a while, as I have, then you may have quite an investment in software. And that can change the picture quite a bit.

All the rest is just opinions and conjecture on your part, how about some figures ?

Not so. see above for figures for the Google-impaired.

This didn't seem to do that good of a job, but was 2 years ago.

  * Sonar Ruler, By Laan Labs: http://itunes.apple.com/app/sonar-ruler/id324621243?mt=8
  * http://thenextweb.com/2009/08/20/amazing-iphone-app-lets-measure-distance-echoes-works/

Happy measuring!

The iPad 2 has HDMI out, video mirroring, composite out, and component out.

The iPad 2 has HDMI out, video mirroring, composite out, and component out.

The SLA that everyone is quoting is not the current one. http://images.apple.com/legal/sla/docs/macosx107.pdf for the PDF of the 10.7 SLA.

I don't think that a lot of doctors are running life support systems on OS X or that pilots are reprograming their avionics systems to use it.

AppleTV right now can get MLB, NBA, NHL games - on their subscription platforms.

http://www.apple.com/appletv/#sports-news

But yeah, nothing else. Which sucks.

That's not the current EULA. You can find the up to date stuff at http://www.apple.com/legal/sla/

The current EULA allows you to install it on any Apple computer you control and up to two VMs on that same hardware.

as long as you don't mind violating the EULA

http://store.apple.com/Catalog/US/Images/MacOSX.htm

2. Permitted License Uses and Restrictions.
A. This License allows you to install and use one copy of the Apple Software on a single Apple-labeled computer at a time.

Exactly, make OSX installable on AMD and Intel hardware and I'll buy it. My Phenom x6 w/16GB ram should be more than enough to run anything you throw at it. Even the Mac Pro doesn't compare to the raw graphics power of a single GTX 590. $3500 is obscene to get a system with only 6GB ram, a single GPU, and 8 cores at 2.4Ghz. Instead, I'll keep my 6 cores at 2.8Ghz and 16GB ram with 1024 CUDA cores at 1.2Ghz.

Mac Pro needs to drop $1000 per box to have a decent price/performance ratio.
iMac needs to drop $500 per box.

Apple is overrated.

So many [stupid] websites have code in the site that, as soon as you visit, a pop-up with a message something to the effect of, "Welcome Apple iPhone user! We have an app for our website, why don't you use that instead!" then, tiny text to actually attempt to view the site. Not only that, but often, the website then attempts to give me a mobile "optimized" version of the website. Dang it! I don't want an optimized version with limited functionality.

To solve this, I have installed and use the Terra web browser on my iPad2 as it can masquerade as different versions of IE or Safari. Much of the time, I run in "IE" mode so that websites don't suspect I am running through the ipad; then I always see the "real" site.

Good riddance to Flash. But you know, since we're on this topic, to all the "Steve Jobs was right" fanboys: you do not understand logic. Sorry, but you don't. (Note: the following rant is not directed at parent, who makes a parallel argument to the one Steve Jobs made, and is surely correct.)

I think that letter from Steve, Thoughts on Flash, is a great way to test whether people understand logical arguments and are competent in keeping separate ideas straight in their heads. Those who see the letter as a definitive rebuttal against the use of Flash on the iPhone fail to do these things. I advise them to avoid both commenting, and voting.

To distill the logic of letter, it basically said the following: Flash sucks. You should therefore not be allowed to use it on your own phone.

Obviously it was more detailed than that, and went to great lengths to politely point out the many ways in which Flash sucks. Go ahead and read it - it's a great takedown of that wretched, ubiquitous plugin. Steve says that Flash goes against the idea of open standards on the web, that it's slow and a resource hog, that its development is way behind what market needs, and that it ran poorly on the iPhone when Apple evaluated it. All good points, and because I agree that Flash is a rotten piece of crap that should never have risen to prominence, I enjoyed reading them.

But none of this directly implies that you should not be allowed to install it on your own phone. Steve makes the case that Flash sucks, but at the end of the article a thinking person does not "better understand why [Apple] do not allow Flash on iPhones, iPods and iPads." There is no logical connection to support that outcome, even if we emerge from the letter hating Flash more than ever. Again, his premises were spot-on, but his logic was broken, so he pulled a conclusion out of his butt and the masses lapped it up. And to those of you who ignore this sleight of hand and argue that Apple must do whatever it can to restore a sense of childlike wonder and superior design to humanity: shut up, you stupid fanboy zombies. Brains like yours are the reason we have the politicians we have.

Re: Apples server market in full colour:
Thar's BSD in Them That Apples
http://www.apple.com/server/

Agreed. I'm a big fan of CM, and the rest of the ethical security researchers.

Apple's reaction to security vulnerabilities is pretty poor. I have personal experience with that since I reported a vulnerability in QT for Windows (CVE-2010-0530) that they took over a year to fix, and didn't fix it properly when they did.

Apple isn't the only vendor to have such poor policies, just one of the most visible.

The stock Google Android browser doesn't have text reflow either. It's based on exactly the same engine as iOS is. WebKit, developed by Apple from KHTML.

And presumably AdBlock is a separate download... hard to tell as every Android phone is different.

You want text reflow and ad block on iOS, no problem. Just as with Android you use an alternative browser. Here's one that supports both those things:
http://itunes.apple.com/us/app/onebrowser/id435089374?mt=8

Now, despite the ever moving goalposts on your side, my goalpost remains the same. Give me a link for any website that is too wide to work well on my iPad. You keep ignoring that one. Because of course you've never seen such a website. Your supposed "problem" with 1024 wide browsers is just made up. You're a fraud.

That's not an ad, it's an in-store display. I'm talking about the advertisements, on TV and in magazines. Go to Youtube, or Google Image Search. Search for "iphone ad". Watch them. Like, say, this, the first four iPhone ads. It doesn't tell you about the camera, or the storage, or any of that. It shows someone using the phone to listen to music, watch video, surf the web, check out their pictures, and make a phone call.

Heck, just go here. They talk about an 8 MP camera and a dual-core chip. Normal people get megapixels the same way they got megahertz - more must be better. So they use that. It talks about Siri, it talks about iCloud, it talks about iOS 5, and at the very bottom of the page in grey type it says you can get one starting at $199. The only page you can get to that even tells you it comes in different capacities is the one labeled "Tech Specs".

http://www.apple.com/pr/library/2010/03/02Apple-Sues-HTC-for-Patent-Infringement.html

Most likely referring to this one, not Apple suing Motorola, which started in fall 2010.

Similarly, the only printers iDevices will link to are Apple's proprietary Wireless printers. If you try using a different printer that you already have, you're out of luck.

There's an app for that.

Grats on skewing reality by anecdotal evidence
Now let's get back to reality.
Apple "all in one' vs Dell "all in one":

http://store.apple.com/us/browse/home/shop_mac/family/imac/select
http://www.dell.com/content/topics/segtopic.aspx/inspiron-one

23" Dell: i5 @ 2.5Ghz, 6Gb RAM, 1Tb HDD, Intel HD Graphics - 949.99$
21.5" Apple: i5 @ 2.5Ghz, 4Gb RAM, 500Gb HDD, AMD 6750M Graphics - 1199$

And so on for most configurations.

Apple includes the Magic trackpad (in addition to the keyboard) which is probably the best input device for Mac OS X there is, a 13×11cm multitouch trackpad made from the same material as the trackpad on their laptops, it is well worth its $69 price tag if bought separately.

An unlocked iPhone 4S 16Gb costs £500 at Apple UK store, VAT included. That's $800, so still less than the figure GP gave. Then again, 32Gb version costs £600 ($960), and 64Gb costs £700 ($1120).

1% per hour on standby would be an inordinate discharge rate according to the specs which state 200 hours standby...

http://www.apple.com/iphone/specs.html

It is not that they want a separate line, but rather that they want to have the software on the two seemingly separate lines converge.

(Or, rather, that your guess is that they want that.)

Apple's consumer strategy is based around the idea that people are passive consumers of entertainment and software written by others,

Most people don't write software and probably would never do so even if Linux had 100% market share for personal computers, so, yes, most consumers will only be using "software written by others".

Most users would probably mostly watch movies made by others, read books and articles written by others, and listen to music made by others, too. However, there's probably a higher fraction of the consumer base who might make home movies or make music at home, for example.

and the App Store enforces that model of behavior.

"Enforces"? The only way to "enforce" that would be to, say, keep such dangerous software-writing tools as Xcode out of the App store and keep such dangerous movie-editing and music-manipulating tools as iMovie and Garage Band out of the App Store.

A MacBook that was locked down and designed for passive consumption would probably be highly successful, if people were still able to write their emails and essays on it (and that is the extent of production that is expected of consumers who use MacBooks).

Yeah, it's not as if Apple has a line of software for consumers to use when making home movies and music.

Why would Apple want to maintain separate operating systems, when they could have one operating system that is configured at install time for two lines of computers (i.e. the consumer installations are configured for lock-down, and "pro" installations are not)?

Because they have different user bases, perhaps? Perhaps iOS on an iPad is enough for one user base, and people who buy Macs do so because they want something that's not an iPad, because they don't want to run everything in full screen mode, or they have more files than fit well into the iOS UI's "all documents for a given app are in a single pile" model, or....

Jobs' comments about cars and trucks may sum up Apple's model - most people would find tables running iOS sufficient, and, for the rest of them, there are Macs.

(Note that a lot of the lower-level code is shared between the OSes.)

It is not that they want a separate line, but rather that they want to have the software on the two seemingly separate lines converge.

(Or, rather, that your guess is that they want that.)

Apple's consumer strategy is based around the idea that people are passive consumers of entertainment and software written by others,

Most people don't write software and probably would never do so even if Linux had 100% market share for personal computers, so, yes, most consumers will only be using "software written by others".

Most users would probably mostly watch movies made by others, read books and articles written by others, and listen to music made by others, too. However, there's probably a higher fraction of the consumer base who might make home movies or make music at home, for example.

and the App Store enforces that model of behavior.

"Enforces"? The only way to "enforce" that would be to, say, keep such dangerous software-writing tools as Xcode out of the App store and keep such dangerous movie-editing and music-manipulating tools as iMovie and Garage Band out of the App Store.

A MacBook that was locked down and designed for passive consumption would probably be highly successful, if people were still able to write their emails and essays on it (and that is the extent of production that is expected of consumers who use MacBooks).

Yeah, it's not as if Apple has a line of software for consumers to use when making home movies and music.

Why would Apple want to maintain separate operating systems, when they could have one operating system that is configured at install time for two lines of computers (i.e. the consumer installations are configured for lock-down, and "pro" installations are not)?

Because they have different user bases, perhaps? Perhaps iOS on an iPad is enough for one user base, and people who buy Macs do so because they want something that's not an iPad, because they don't want to run everything in full screen mode, or they have more files than fit well into the iOS UI's "all documents for a given app are in a single pile" model, or....

Jobs' comments about cars and trucks may sum up Apple's model - most people would find tables running iOS sufficient, and, for the rest of them, there are Macs.

(Note that a lot of the lower-level code is shared between the OSes.)

It is not that they want a separate line, but rather that they want to have the software on the two seemingly separate lines converge.

(Or, rather, that your guess is that they want that.)

Apple's consumer strategy is based around the idea that people are passive consumers of entertainment and software written by others,

Most people don't write software and probably would never do so even if Linux had 100% market share for personal computers, so, yes, most consumers will only be using "software written by others".

Most users would probably mostly watch movies made by others, read books and articles written by others, and listen to music made by others, too. However, there's probably a higher fraction of the consumer base who might make home movies or make music at home, for example.

and the App Store enforces that model of behavior.

"Enforces"? The only way to "enforce" that would be to, say, keep such dangerous software-writing tools as Xcode out of the App store and keep such dangerous movie-editing and music-manipulating tools as iMovie and Garage Band out of the App Store.

A MacBook that was locked down and designed for passive consumption would probably be highly successful, if people were still able to write their emails and essays on it (and that is the extent of production that is expected of consumers who use MacBooks).

Yeah, it's not as if Apple has a line of software for consumers to use when making home movies and music.

Why would Apple want to maintain separate operating systems, when they could have one operating system that is configured at install time for two lines of computers (i.e. the consumer installations are configured for lock-down, and "pro" installations are not)?

Because they have different user bases, perhaps? Perhaps iOS on an iPad is enough for one user base, and people who buy Macs do so because they want something that's not an iPad, because they don't want to run everything in full screen mode, or they have more files than fit well into the iOS UI's "all documents for a given app are in a single pile" model, or....

Jobs' comments about cars and trucks may sum up Apple's model - most people would find tables running iOS sufficient, and, for the rest of them, there are Macs.

(Note that a lot of the lower-level code is shared between the OSes.)

"IT Guys" would really appreciate if they could have a) an App store of their own where they can put up their company local solutions and

They already can. Apple has solutions for enterprises.

That I know of; these come from third parties; require the device to be set up by the IT department (so don't apply easily to devices bought by employees) and they come with a whole heavy policy and management system. That is not a substitute for simply going into a settings menu and adding or deleting a repository.

b) ways to black or white list solutions from the Apple App store so that people don't install erotic applications on their work computer.

You mean give them more work to do. Rather than just accept that the Apple App Store already bans porn. They have playboy, but it's a version without so much as a naked breast.

Of course any device with a web browser can access hard core porn... Only way you can deal with that is disciplinary measures after it's been discovered.

I very specifically said "erotic" rather than "pornographic" the two words are different and pornographic is pretty much legally defined as "whatever we feel like today". There are plenty of apps like this one and this one and this one and this one (admittedly a podcast; but..) this one which would be considered pornographic in a Muslim country whilst many of the apps which have been banned would be considered acceptable on a work PC in Europe (they ban, for example, apps about breast feeding). If you think that picking a random, capricious, uptight Californian's idea of "pornographic" is going to be sufficient to cover your ass in a corporate environment then I have a training course you need to take. One way or another ("I saw it in the app store; I thought that meant IT approved it"; "that application is required for our anti-discrimination training; how could you ban it") using the app store as a corporate standard without doing filtering is going to open you to lawsuits.

"IT Guys" would really appreciate if they could have a) an App store of their own where they can put up their company local solutions and

They already can. Apple has solutions for enterprises.

That I know of; these come from third parties; require the device to be set up by the IT department (so don't apply easily to devices bought by employees) and they come with a whole heavy policy and management system. That is not a substitute for simply going into a settings menu and adding or deleting a repository.

b) ways to black or white list solutions from the Apple App store so that people don't install erotic applications on their work computer.

You mean give them more work to do. Rather than just accept that the Apple App Store already bans porn. They have playboy, but it's a version without so much as a naked breast.

Of course any device with a web browser can access hard core porn... Only way you can deal with that is disciplinary measures after it's been discovered.

I very specifically said "erotic" rather than "pornographic" the two words are different and pornographic is pretty much legally defined as "whatever we feel like today". There are plenty of apps like this one and this one and this one and this one (admittedly a podcast; but..) this one which would be considered pornographic in a Muslim country whilst many of the apps which have been banned would be considered acceptable on a work PC in Europe (they ban, for example, apps about breast feeding). If you think that picking a random, capricious, uptight Californian's idea of "pornographic" is going to be sufficient to cover your ass in a corporate environment then I have a training course you need to take. One way or another ("I saw it in the app store; I thought that meant IT approved it"; "that application is required for our anti-discrimination training; how could you ban it") using the app store as a corporate standard without doing filtering is going to open you to lawsuits.

"IT Guys" would really appreciate if they could have a) an App store of their own where they can put up their company local solutions and

They already can. Apple has solutions for enterprises.

That I know of; these come from third parties; require the device to be set up by the IT department (so don't apply easily to devices bought by employees) and they come with a whole heavy policy and management system. That is not a substitute for simply going into a settings menu and adding or deleting a repository.

b) ways to black or white list solutions from the Apple App store so that people don't install erotic applications on their work computer.

You mean give them more work to do. Rather than just accept that the Apple App Store already bans porn. They have playboy, but it's a version without so much as a naked breast.

Of course any device with a web browser can access hard core porn... Only way you can deal with that is disciplinary measures after it's been discovered.

I very specifically said "erotic" rather than "pornographic" the two words are different and pornographic is pretty much legally defined as "whatever we feel like today". There are plenty of apps like this one and this one and this one and this one (admittedly a podcast; but..) this one which would be considered pornographic in a Muslim country whilst many of the apps which have been banned would be considered acceptable on a work PC in Europe (they ban, for example, apps about breast feeding). If you think that picking a random, capricious, uptight Californian's idea of "pornographic" is going to be sufficient to cover your ass in a corporate environment then I have a training course you need to take. One way or another ("I saw it in the app store; I thought that meant IT approved it"; "that application is required for our anti-discrimination training; how could you ban it") using the app store as a corporate standard without doing filtering is going to open you to lawsuits.

"IT Guys" would really appreciate if they could have a) an App store of their own where they can put up their company local solutions and

They already can. Apple has solutions for enterprises.

That I know of; these come from third parties; require the device to be set up by the IT department (so don't apply easily to devices bought by employees) and they come with a whole heavy policy and management system. That is not a substitute for simply going into a settings menu and adding or deleting a repository.

b) ways to black or white list solutions from the Apple App store so that people don't install erotic applications on their work computer.

You mean give them more work to do. Rather than just accept that the Apple App Store already bans porn. They have playboy, but it's a version without so much as a naked breast.

Of course any device with a web browser can access hard core porn... Only way you can deal with that is disciplinary measures after it's been discovered.

I very specifically said "erotic" rather than "pornographic" the two words are different and pornographic is pretty much legally defined as "whatever we feel like today". There are plenty of apps like this one and this one and this one and this one (admittedly a podcast; but..) this one which would be considered pornographic in a Muslim country whilst many of the apps which have been banned would be considered acceptable on a work PC in Europe (they ban, for example, apps about breast feeding). If you think that picking a random, capricious, uptight Californian's idea of "pornographic" is going to be sufficient to cover your ass in a corporate environment then I have a training course you need to take. One way or another ("I saw it in the app store; I thought that meant IT approved it"; "that application is required for our anti-discrimination training; how could you ban it") using the app store as a corporate standard without doing filtering is going to open you to lawsuits.

"IT Guys" would really appreciate if they could have a) an App store of their own where they can put up their company local solutions and

They already can. Apple has solutions for enterprises.

That I know of; these come from third parties; require the device to be set up by the IT department (so don't apply easily to devices bought by employees) and they come with a whole heavy policy and management system. That is not a substitute for simply going into a settings menu and adding or deleting a repository.

b) ways to black or white list solutions from the Apple App store so that people don't install erotic applications on their work computer.

You mean give them more work to do. Rather than just accept that the Apple App Store already bans porn. They have playboy, but it's a version without so much as a naked breast.

Of course any device with a web browser can access hard core porn... Only way you can deal with that is disciplinary measures after it's been discovered.

I very specifically said "erotic" rather than "pornographic" the two words are different and pornographic is pretty much legally defined as "whatever we feel like today". There are plenty of apps like this one and this one and this one and this one (admittedly a podcast; but..) this one which would be considered pornographic in a Muslim country whilst many of the apps which have been banned would be considered acceptable on a work PC in Europe (they ban, for example, apps about breast feeding). If you think that picking a random, capricious, uptight Californian's idea of "pornographic" is going to be sufficient to cover your ass in a corporate environment then I have a training course you need to take. One way or another ("I saw it in the app store; I thought that meant IT approved it"; "that application is required for our anti-discrimination training; how could you ban it") using the app store as a corporate standard without doing filtering is going to open you to lawsuits.

If that's an app I've installed specifically for its screenshot abilities, cool! If not, I don't want it running on my desktop. I don't want a text editor connecting to Facebook or an instant messenger to open a disk device node. Systems like SELinux implement these permissions as access controls. Apple seems to have decided to implement them at the code review level.

...and at the access controls level, at least for some of those.

The real issue isn't sandboxing per se, it's that Apple's sandbox model is very restrictive. For example, you need to get special permission from Apple to send AppleEvents to another application. Compared to say Android, which has defined permissions for "access contacts" or "edit calendar events", the OS X sandbox pretty much silos the entire app and does not allow much if any IPC.

That's simply not true.

Yes, you need permission to send Apple Events, and you need to specify which app you want to control. The reason for this is that Apple Events are intended as a way for one app to control another app. The purpose of a sandbox is to enforce user intent, which is impossible if applications are controlling other applications and posing as the user. Put another way, there are basically no limits to what you can do with "tell application Finder ...", up to and including copying or moving files into and out of your sandbox directory (a location where you have permission to read and write files) which means that allowing Apple Events would provide a trivial way to bypass the entire file access portion of the sandbox security model.

Similarly, some other low-level IPC mechanisms (shared memory, for example) are disallowed (if memory serves) because they are pretty serious violations in the separation between applications.

Distributed objects is disallowed because it does not provide enough of a permissions model to be made secure, as I understand it.

However, the most common (and safest) form of IPC, TCP networking, is allowed, and so is network service discovery and advertisement. You just need a networking entitlement. If you want to be a network daemon, you need a network server entitlement. If you want to make outgoing connections, you need a network client entitlement. If you want to do both, you need both. TCP is the preferred way to do interprocess communication because it is a clean message passing API that can't readily cause catastrophic side effects (unlike mach_msg_overwrite, for example).

Oh, yeah, and the Mac sandbox does, in fact, have separate entitlements for access to personal information, including one for the calendar, one for the address book, and one for location services.

Do you actually know anything about Apple's sandboxing model or are you just making it up as you go along?

The homescreen is fully modifiable, not sure what you mean about this one. As for predictive keyboard that exists.

The only difference now is that Apple is defining a sandbox profile for normal applications and forcing developers to use it if they want their application in the App Store. It is not a whitelist of applications, it's just a default security policy that applications must work with. This is like Microsoft requiring applications to work as non-Administrator users for the Designed For... certification, or a Linux distribution rejecting suid root apps from the default repository.

Well, it's more like a range of default security policies tailored to the application, but yes. Apple has created a series of multiple high-level sandbox profile options that your app can choose from, depending on what it needs to do. If you are selling your apps on the Mac App Store, Apple vets those options to ensure that they make sense based on what your application does. If you aren't selling your app on the Mac App Store, this does not affect you at all, though you are strongly encouraged to sandbox your app because doing so makes the platform more robust against viruses, etc. At that point, the onus is on you to make sure that the options you choose are sane.

The big thing that makes the 10.7 App Sandbox different from the prior incarnations is the addition of PowerBox. By moving the open and save dialogs into a separate (system-provided) application that has the ability to add entitlements (capabilities) to your application's sandbox on the fly, it means that your app can access the files that the user specifies, and nothing else (outside of your app's personal scratch space). This is a significant win for security, as it puts the user directly in charge of what files an application can access.

I could go on for a while about privilege separation and techniques for making your app more secure, but that's a bit out of scope for this discussion forum. Go read App Sandbox Design Guide if you want more details.

Also, according to MacWorld, the original deadline was November (Source: MacWorld). The news is that Apple pushed the deadline out by four months, not that Apple is going to require sandboxing. That story is so out of date that when I first heard it, I fell off my dinosaur.