[Openmcl-devel] Apple To Require Sandboxing For Mac App Store Apps - Slashdot

Robert Goldman rpgoldman at sift.info
Mon Nov 7 14:00:36 PST 2011

On 11/7/11 Nov 7 -3:34 PM, Andrew Shalit wrote:
> I would be surprised if Apple allowed multiple tiers of apps in the Mac App
> Store, some more locked down and some less locked down.  Once you open that
> door, users have to start thinking, and once users have to start thinking they
> will inevitably click the wrong button and give permission at the wrong time.
> That's why all those certificate warnings in web browsers have turned out to
> be so useless.  People say, "oh, but this is citibank so the fact that the
> certificate is invalid must just be a little mistake.  I trust citibank so
> I'll click okay anyway."

[Veering off-topic...]

And web-using companies (I don't know about Citibank, but I know about
others) have been busily training us to ignore those warnings by doing
stupid things like mixing HTTPS and HTTP content on the same web page.
Or sending out email that has links in it that are equivalent to
phishing links....

It's not just that users don't understand, it's also that the web
content publishers cut corners in ways that break these kinds of
security protocols.

Proposal:  any security protocol that requires that web publishers
conform to security best practices, and that will yield a mess of false
positives when said web publishers don't conform to said best practices,
is no security protocol at all....


More information about the Openmcl-devel mailing list