Category Archives: Mac

Plenty of Space Left for OS-level Innovation

As one of the few people still left without circles to drag people into I had to find some other ways to occupy some spare cycles this weekend.

One of the things I ended up spending time with was videos from Apple’s WWDC 2011, as I was curious to see what core OS changes they are making with Lion.

I’ve long been a fan of Apple Engineering and admire the really great software they are building on top of their excellent Unix foundations. The highlight in Lion for me is probably the App Sandbox. Though XPC, Versions and push notifications/iCloud are all very interesting.

The App Sandbox gives each application which opts to use it a private container. File, network and hardware access are all prevented by default unless the app has registered for an exception. Once sandboxed, the application can only access files within its sandbox. If the file access exceptions are enabled, the user grants the application access to other files through the standard file access sheet (dialog): behind the scenes, the Powerbox has access to the full file system and hands access to the selected file to the application.

This means in the worst case a compromised application should only ever be able to affect the few files the user has chosen to allow into the sandbox, rather than being able to wreak havoc with the entire file system.
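The access decision described above can be sketched as a small model. This is an added example, not Apple's implementation or code from the original post; the class names, the `file_exception` flag and the sample paths are all hypothetical.

```python
import os
import tempfile

class Powerbox:
    """Trusted broker outside the sandbox; remembers files the user picked."""
    def __init__(self):
        self._grants = {}  # app id -> resolved paths chosen in the file sheet

    def user_selected(self, app_id, path):
        self._grants.setdefault(app_id, set()).add(os.path.realpath(path))

    def is_granted(self, app_id, path):
        return os.path.realpath(path) in self._grants.get(app_id, set())

class SandboxedApp:
    def __init__(self, app_id, container, powerbox, file_exception=False):
        self.app_id = app_id
        self.container = os.path.realpath(container)
        self.powerbox = powerbox
        self.file_exception = file_exception  # opted-in file access exception

    def may_open(self, path):
        real = os.path.realpath(path)  # resolve ".." and symlinks before deciding
        if os.path.commonpath([real, self.container]) == self.container:
            return True  # inside the app's private container
        # Outside the container: denied unless the exception is enabled AND
        # the user picked exactly this file through the Powerbox.
        return self.file_exception and self.powerbox.is_granted(self.app_id, real)

def demo():
    root = tempfile.mkdtemp()  # constructed sample layout
    container = os.path.join(root, "Containers", "com.example.editor")
    docs = os.path.join(root, "Documents")
    os.makedirs(container)
    os.makedirs(docs)
    chosen = os.path.join(docs, "report.txt")
    other = os.path.join(docs, "taxes.txt")
    pb = Powerbox()
    app = SandboxedApp("com.example.editor", container, pb, file_exception=True)
    results = {
        "own_container": app.may_open(os.path.join(container, "prefs.plist")),
        "before_grant": app.may_open(chosen),
        "traversal": app.may_open(os.path.join(container, "..", "..", "Documents", "taxes.txt")),
    }
    pb.user_selected(app.app_id, chosen)  # user picks report.txt in the dialog
    results["after_grant"] = app.may_open(chosen)
    results["unselected"] = app.may_open(other)
    return results
```

The grant is per file, so picking `report.txt` does not open up its neighbours, and a `..` path out of the container is resolved before the check rather than after.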

The App Sandbox impresses me for many reasons:

  • Learning about it I had an aha moment, I immediately began to imagine the underlying implementation of such a container mechanism.
  • The developer positioning is excellent; “come play in our sandbox and we’ll keep you and your users safe” rather than talk of jails, etc. The positioning as a last line of defence seems wise also.
  • They have a well-tested kernel-level technology for sandboxing from iOS and are able to leverage this technology created for handsets on the desktop, thanks to their shared core OS.
  • It’s trivially easy to adopt for most developers and has a clear and easy to use migration path.
    All a developer need do is opt in to the sandbox, pick which of the small number of exceptions (15 or so?) they want for their app and that’s it.
    Migration is handled through a manifest file which tells the OS where to pull files from on first run of the newly sandboxed application.
  • Powerbox is a badly named but cleverly designed arbitrator allowing applications to work as usual whilst still offering users protection. All the application need do is use standard Apple APIs and the OS does the real work.

Next I’m going to go and read up on Linux security mechanisms. I expect that at least one of the kernel-level security frameworks will enable such behaviour, I just wonder if they are so easy for developers to adopt. Guiltily I’ve gotten into the habit of disabling SELinux each time I do a clean OS install, because when it first started cropping up there were too many things I wanted to do which were blocked and not enough time, inclination or (if I recall correctly) documentation for me to work out how to do them in a compliant way.

I wonder how much has changed in the intervening years and what SMACK and Tomoyo do differently?

Update: I may have mocked the term Powerbox but it’s not one Apple coined, browsing some security focused OS research I discovered the term again and a little more digging revealed that Wikipedia has a section on it in their File Dialog page and that Capdesk was the first desktop environment to include a Powerbox file dialog.

Why I Loved Being a Mac OS X User and My High Hopes for Fedora 9

I’ve previously mentioned that I’m now running a Linux laptop as my primary (non-work) machine. I still miss aspects of using an iBook, but fortunately it looks like Fedora 9 is set to abolish the remaining issues – further cementing my use of Linux on a laptop.

First of all I should mention the things that I loved about using my iBook with OS X throughout my University career and beyond, it’s also probably useful to mention why I wanted to switch to Linux full time.

My use case for my primary machine has always been a little strange, unlike most geeks (who seem to have at least two machines in regular use) I like to have only one computer upon which I do all of my work and store all of my data. Because I move around quite a bit (and have done since I started university) a desktop is less than practical as it means only being able to use the machine when I am in one location, so about 3-4 days of the week on average.
However I also like to plug my laptop into an external keyboard, mouse and monitor and use my laptop like a desktop with dual screens and the more comfortable sitting position amongst other benefits.

The reason I ended up purchasing an iBook to fulfil these needs is that I had given myself enough Linux exposure that I had become accustomed to and preferred using certain pieces of software, including the solid development tool chain, and that I prefer the Unix/Linux way of doing things to the Windows way.

So why not stick with the Mac OS? Why buy a new machine and put Linux on it? Two related questions, one answer.

Most of the applications I care about using are open source and cross platform; Firefox, Vim, GCC. On top of that I really like the GNOME desktop, it’s a joy to use and does everything I want and more without getting in the way. Thirdly I love how rapidly Linux develops, 6-monthly distro updates! Neat! It’s really fun to get an updated OS packed with new features every 6 months, even if you don’t use all of the features. Finally I like the thought of being able to modify the software should I need, or want, to. I used mainly open source applications on Mac OS X so it makes sense to have those freedoms all the way down the stack.

There is of course the whole political side of Free and/or Open Source Software but my opinions on that are nowhere near well formed enough to even discuss that here.

So, why the new laptop? My iBook was starting to age, showing both physical signs of wear and tear and, more importantly, beginning to feel slower as I updated to newer versions of software. I think slightly longer than 2 years is an OK lifetime for a laptop and I was itching for some newer, faster, kit with a nicer display.

Why Fedora? It does everything I want and offers me the benefits mentioned above with regard to Gnome and an (almost entirely, I use proprietary drivers and Flash) Free software stack running on my computer. I chose Fedora over other distros as it feels solid and polished and I am a big fan of Red Hat.

What makes Fedora 9 so exciting? Mainly that it is set to increase the polish on areas that matter to me while adding features that will further enhance my computer usage. More specifically the following proposed features are highly anticipated:

  • Randr Support – At the moment if I want to switch between dual screens and a single screen I have to restart X. That really sucks as I lose all my running applications etc. It’s not a huge burden but it adds a login/logout cycle that I didn’t have on OS X and hopefully won’t have on Fedora 9! Randr support should mean when a display is connected or disconnected X detects this and acts appropriately and, hopefully, that Gnome supports multiple display configurations better – it does OK at the minute but it’s not great.
  • Network Manager Improvements – Presently my laptop spends a good few minutes of its boot process trying to probe the network interfaces, which aren’t configured because I use Network Manager. It’s also pretty annoying that when I plug in a cable my WiFi is disconnected and the wired interface brought up. Disconnecting me, and more importantly any connected applications, from the internet momentarily.
    Starting NM earlier in the boot process and implementing support for multiple simultaneous connections should solve (or at least start to solve) these issues nicely.
  • One Second X – Get into your graphical desktop faster. Can’t be a bad thing, anything that improves time till usable is great by me! This will also help a little if the Randr support doesn’t quite make it.

There are also several planned enhancements/features which strongly appeal without directly affecting my current work flow. Some of these will be useful to me while others just appeal to the geek within:

  • DeltaRPM Support (Presto) – Why download a whole package when you can just download the differences. Should improve update speed as less data will need to be transferred over the network.
  • Fingerprint Readers – My new laptop has a fingerprint reader built in. Being able to use it for authenticating myself instead of a password will be novel, at least, if not useful. It reads like they will implement password/fingerprint side by side such that either will be usable so authentication won’t be fully dependent on a fingerprint.
  • Bluetooth enhancements – The current Bluetooth support in Gnome is usable if a little user-unfriendly. From what I’ve read on this the improved bluetooth support will make my very infrequent usage of it much smoother.
  • Encrypted Filesystem Support – I’m not sure if I will ever use this feature personally but it seems like a great feature to have and one I hope will drive more government departments to use Linux. Perhaps wishful thinking but every man must dream.

Fedora 9 is due to have a final release on the 29th April, I can’t wait. In fact I’ve been extremely tempted to install and run the developer snapshots but instead I think I’ll wait until the beginning of April for the preview release.

In short; the thing I loved about being an Apple laptop (with OS X) user was that when I didn’t care to be a geek the software got out of the way and let me be a user. It looks like Fedora 9 will do the same!

Screen Reading

I’ve never been a big fan of reading things from a computer screen, web-sites have never been a problem but PDFs of any significant length have always been a lot of work and have either gone unread or been printed and read offline.

Recently, that all changed. It seems I should follow Unix philosophies more frequently. General purpose document viewers are all well and good for short documents but for more in depth on screen reading the additional niceties added to purpose built readers are a must.

More specifically of late I have been reading a lot of “academic” papers and comic books (polar opposites?) on my iBook.

Skim “… is a PDF reader and note-taker for OS X. It is designed to help you read and annotate scientific papers in PDF, but is also great for viewing any PDF file.”

The main advantage Skim offers over Preview.app is its note-taking features. How far can you actually get through a paper without wanting to highlight (or circle) a section or jot down some notes? Even better, if you’re reviewing a document in PDF form you can cross out sections and add notes for proposed changes.

Full screen mode is a great (although not unique) feature enabling you to immerse yourself in the paper while still having access to all of Skim’s features via automatically hiding “drawers” and menu bar. Very nice.

Skim makes the process of consuming papers on-screen much more pleasant and enjoyable.

FFView “…is a fast OpenGL-powered picture viewer a la ACDsee (2.x). It is aimed at letting you read manga or other comics onscreen (windowed & fullscreen mode). Features include fast prefetching, smooth panning, voice commands, 2-page mode, a magnifying lens, the ability to browse pictures inside archives (.rar/.cbr, .zip/.cbz/, .pdf) and sticky per-picture options. It reads EXIF tags and is scriptable.”

Now that I’ve found FFView I only wish more comics were available in digital (cb[r|z]) format. If some of the larger comic publishers would offer their publications in digital format I would gladly subscribe to and/or purchase them.

FFView makes reading comics on-screen a joy. You can use the spacebar to page through the pages and if a page doesn’t fit on one screen it will scroll down before turning pages on the next tap of the spacebar, a nice feature which other comic readers I tried don’t get right.

The magnifying lens often comes in very handy, particularly when reading a double page spread on a 1024×768 screen, in fact my only gripe with FFView is that there is no shortcut key for enabling/disabling the magnifying lens meaning the menu must be invoked with a mouse.

Shameful update: I should have known better. FFView has an impressive preference pane allowing full customisation of keyboard shortcuts for all menu items. I now have Command + Shift + M bound to show/hide magnifying lens. Fantastic!

Like Skim, FFView supports a full screen mode where the menu bar is automatically hidden and shown, which works very smoothly.

Both Skim and FFView are open source projects. Skim is a new project with frequent updates whereas FFView has been around for some time now but is still receiving attention from its developers having had an update within the last month.

If you’re a Mac user and read comics and/or PDFs, check these apps out.