Espionage 2.8.6 Released!

The changes below have been updated to include those of 2.8.7.

Espionage 2.8.6 is finally out, and it’s highly recommended as it fixes many important issues and adds plenty of polish:

  • IMPROVED: Intelligence of application templates w.r.t. dependencies and more
  • IMPROVED: “Choose Password” changes to “Password Required” when re-adding an encrypted folder to Espionage
  • IMPROVED: Espionage now takes steps to resolve a situation when two disk images exist for one folder
  • IMPROVED: Added documentation on ‘saved’ folders and other advanced preferences
  • FIXED: “Lock Folder” contextual menu item not showing up
  • FIXED: Handling of ‘saved’ folders. See new preference in Advanced preferences
  • FIXED: Issue where device syncing could be disabled due to conflict with SyncServices
  • FIXED: Size check is not necessary for already encrypted folders
  • FIXED: Scroll bar wasn’t visible for the small association box when adding a folder to Espionage with too many associations
  • FIXED: Unnecessary associations suggested when adding Mail folder(s) directly to Espionage instead of via the template
  • FIXED: Hang that could occur if application association is launched independently during autounlock
  • FIXED: Rare issue where user could be prompted for login keychain password despite using separate keychain
  • FIXED (2.8.7): Previous version caused login keychain to lock if Espionage was set to use the login keychain
  • FIXED (2.8.7): Corrected explanation in documentation for calculating folder capacity

Overview of Significant Changes

Advanced preference for handling “saved folders”

Some users reported getting excessive “saved folder” notifications, and this release includes a new advanced preference for fine tuning how Espionage handles this situation. Details are in the new documentation on the advanced preferences.

“Lock Folder” contextual menu revived

It turns out that in switching to launchd, we inadvertently broke the “Lock Folder” contextual menu on 10.6. This situation has now been rectified, and the way we’re doing it now means that new users don’t have to restart their computers after installing Espionage for it to become visible.

Other important bug fixes

The release includes other important bugfixes, including a rare and bizarre issue where iSync would disable itself, and a hang that could be triggered during the autounlock sequence.

In short, it’s an important release, and you can update your copy within Espionage by launching it and choosing “Check For Updates…” from the Espionage menu.

Enjoy! 😀

Espionage 2.8.4 Released!

The changes below have been updated to include those of 2.8.5.

Espionage 2.8.4 is out! Here are the changes:

  • IMPROVED: SyncServices folder is now encrypted for many apps. Espionage tries to make sure it remains unlocked
  • IMPROVED: The ‘Lock On Quit’ option is now per-folder instead of per-application
  • IMPROVED: Relationship between ‘autounlock at login’ and ‘launch at login’
  • IMPROVED: Miscellaneous improvements
  • NEW (2.8.5): Added “Open Espionage” menu item to Espionage’s global menu
  • FIXED (2.8.5): Rare minute-long hang when an app was launched immediately after another was unlocked
  • IMPROVED (2.8.5): Added a warning regarding encrypting folders beginning with an underscore

‘Lock On Quit’ is now per-folder

Previously, when the ‘Lock On Quit’ checkbox was checked, it applied to all folders. In other words, if an application had two folders associated with it, it wasn’t possible to have only one of those folders lock when the application quit.

Now it is. 🙂

The “special” SyncServices folder

There’s a folder in OS X called SyncServices, located here:

/Users/[your username]/Library/Application Support/SyncServices

Any application that wants to have its data synced by OS X (whether through iTunes or possibly iSync), might have some of that data stored here. As this folder can be used by various applications, including ones that aren’t explicitly associated with the folder, it’s recommended to keep this folder unlocked the entire time you’re logged into your user account.

Most of the data in this folder is fairly non-important (for example, Mail keeps your email in a different folder, but some things, like Notes and account settings, can be stored in the SyncServices folder), and difficult to decipher, so it’s fine to leave it unlocked while you’re logged in. If you’re concerned you can turn on the screensaver password in OS X’s Security System Preferences pane.

You can encrypt this folder by dragging it onto Espionage, or by re-running the application template for Mail, Safari, iCal, or Address Book if you already have any one of them encrypted. Espionage is already setup to treat this folder differently so you don’t have to worry about making sure it autounlocks when you login.

(Note: All Espionage’d folders are instantly re-locked the second the computer loses power, or you logout or restart.)

Enjoy! 😀

Espionage 2.8.3 Released!

Espionage 2.8.3 is a minor point update with some significant changes:

  • NEW: Converted EspionageHelper to launchd agent, resulting in improvements to:
    • Improved security for non-enrypted folders (which are still obviously insecure)
    • Removes startup errors associated with Apple’s buggy Login Items code
    • Crash recovery
  • NEW: iPhoto application template
  • IMPROVED: Notification regarding moving or renaming unlocked encrypted folders.
  • IMPROVED: Updated iCal template to reflect changes by Apple
  • FIXED: Check to prevent encryption of Library folder
  • FIXED: Rare situation where incorrect applications would be suggested as associations for a folder
  • FIXED: SmartMove did not update app associations
  • FIXED: Unnecessarily re-prompted for master password when stopping helper from preferences

Good-bye Login Items, Hello launchd

Up until this version, Espionage used OS X’s login items facility to start its helper program, which runs in the background and is responsible for bringing up the password prompt, unlocking folders, etc.

We chose this method because it was the only reliable way to have a program start at login on both Mac OS 10.5 (Leopard) and 10.4 (Tiger). It turned out, however, that Espionage was not compatible with 10.4 for various technical reasons, and we also noticed that in some rare cases, Apple’s code for putting something on the list of login items would break or flake out, so we’ve been eager to make the switch to what are called launchd agents, available in 10.5 and later, which act as super-powered login items.

Now, if Espionage’s helper crashes or is forcibly quit by the user incorrectly, it will immediately relaunch. This property enhances the “security” of unencrypted, password protected folders (which, don’t kid yourself, are still very much insecure, and are only useful for protecting relatively unimportant data from luddites).

There are other small benefits to switching to the agent system (and I won’t go into all of them), but needless to say, 2.8.3 is a rather significant update for a minor-point release, so updating to it is highly recommended!

Enjoy! 😀

Espionage 2.8 Introduces SmartMove!

We’ve been working hard to make Espionage even easier to use, and with 2.8 we think we made a little bit of a breakthrough in usability when it comes to moving and renaming folders. We call this new feature SmartMove.

That isn’t the only change in 2.8 though, here’s the complete list:

  • NEW: SmartMove – allows folders to be moved and renamed like normal, Espionage handles the details
  • NEW: Espionage now handles importing previously lost encrypted folders when given their symlink
  • NEW: Setting to prevent Time Machine from backing up a folder, available by right-clicking on a folder in the list.
  • NEW: Prompt user for folder password during restoration in the event of issues retrieving it from keychain
  • NEW: Remind user to enable Espionage’s backups if they’re not enabled.
  • IMPROVED: Backups made safer: Espionage won’t overwrite backups with folders that failed to unlock
  • IMPROVED: Better support for encrypting invisible folders (those that start with a dot)
  • IMPROVED: “Lock Folder” CM on 10.6 now properly locks folder if used on folder’s mountpoint
  • IMPROVED: Path Finder compatibility. Make sure to check Path Finder compatibility mode in the Preferences
  • IMPROVED: Ensure Finder is active after a folder is unlocked
  • FIXED: Issue with one of Espionage’s folder validation checks
  • FIXED: Issue where Finder could cause prompt to appear immediately after a folder is locked
  • IMPROVED (2.8.1): Minimized appearance of “Please lock” info alerts
  • IMPROVED (2.8.1): Folders on Time Machine’s blacklist are removed from it when restored
  • IMPROVED (2.8.1): Don’t allow non-encrypted folders to be added to Time Machine’s blacklist
  • IMPROVED (2.8.1): Documentation for restoring from Time Machine backups
  • FIXED (2.8.1): Problems importing invisible disk images
  • FIXED (2.8.2): Rare issue where Espionage could hang on first-unlock of a folder because of Spotlight

Overview of Significant Changes

SmartMove

Previously, moving or renaming folders wasn’t very intuitive, and while we were aware of this, we weren’t sure whether there was a robust enough technical solution to make the whole process more inuitive.

I’m happy to say though that we finally figured it out and now moving or renaming protected folders is as simple as… moving or renaming folders! 🙂

I threw together a quick video showing off this feature:


Improved Time Machine Integration

Because Espionage moves a disk image each time a folder is locked or unlocked, Time Machine may end up backing up more than it needs to.

To ensure efficient backups with Time Machine, you can either make sure to run Time Machine when all folders are in the same locked state as they were during the previous backup, or, now with 2.8 you can prevent Time Machine from backing up a folder altogether (and use Espionage’s backups instead) for specific folders:

Stay tuned for more improvements in this area…

Updated Dropbox Instructions

We’ve also improved the instructions for using Espionage with Dropbox. The new-style setup lets Dropbox add its nice little badges on files and folders.

If you’re currently using the old-style setup and want to convert to the new way of encrypting Dropbox, it’s very simple:

  1. Open Dropbox and go into its preferences.
  2. Move the Dropbox to your home folder.
  3. When it’s done, move the Dropbox again, this time select the *unlocked* Vault folder (in your Home folder, it will have a little arrow icon on it) as the destination.

Enjoy! 😀

The Ultimate Test Machine Saga

Quad-Booting Mac

So, you want to quad-boot your Mac? What could possibly go wrong?

This post explores that question.

Motivation

After upgrading to the latest Unibody, I decided to turn my old MacBook Pro into the ultimate testing environment. My goal was to be able to test and develop software for Tiger, Leopard, Snow Leopard, Windows XP, and possibly other operating systems in the future (Windows 7, Ubuntu, etc., although that might require Grub).

Setting Up The Partitions

I originally thought this entire process would be a simple matter of creating partitions and installing each OS on its respective partition (Hah!). The plan was to use iPartition to create this setup without erasing my Snow Leopard install:

Perfect Test Machine

To do this, I had to first run iDefrag (also made by Coriolis Systems) to compact the Snow Leopard install. Then I could non-destructively resize its partition and add the rest.

iPartition wasn’t able to create an NTFS partition so I left the Windows partition unformatted, everything else was formatted as HFS+, journaled.

I had saved a Windows install using Winclone, so I went to try to restore that. That failed because Winclone needs the partition to be formatted first.

I tried using Boot Camp Assistant (BCA) to create the NTFS partition, but BCA greeted me with this error (for the Googlers): “The startup disk cannot be partitioned or restored to a single partition.”

To get around this error you probably could use iPartition to create a single HFS+ partition and install Snow Leopard on it. You would need to use iPartition because iPartition lets you create partitions while leaving free space on the drive, and remember, we need that space to create additional partitions for the other operating systems. Disk Utility cannot leave “unpartitioned space” on the drive, and therefore you’d end up creating more than one partition before running BCA, which would then refuse to do its thing.

I went a different route though, as I discovered that by installing NTFS-3G (the free Open Source version), I could create NTFS partitions using Disk Utility. So I partitioned the entire drive, this time using Disk Utility, and was able to successfully restore Windows to the NTFS partition using Winclone.

That was the easy part though.

Fragile Windows

Restoring Windows is one thing, getting it to boot is another. Upon rebooting to check the XP install, I was greeted with a black screen and error message along the lines of “No bootable device available.”

After searching Google I came across this hint on how to triple-boot your system. The comments section were particularly helpful, and led me to investigate the boot.ini file as a possible source of the problem.

The boot.ini file, for some reason, specifies what partition number it’s located on. My Windows partition was in the wrong location, and it didn’t like that. So I followed their suggestions and edited the file using emacs, and played around with the number. I tried every single number between 1 and 6, and even zero (out of desperation), none would satisfy Windows.

At some later point, after much formatting and reinstalling, I actually got Windows to boot, only to be greeted by a blue screen instead of a black screen, which flashed too quickly for me to read and then the computer restarted itself.

Although I don’t have a complete list of my Googles during this time, here’s what I was able to dig up from Firefox’s history, hopefully it will save a fellow Googler or two:

  • chkdsk “volume appears to contain”
  • “windows could not start” hal.dll
  • windows xp recovery console
  • “no bootable device” boot.ini bootcamp
  • boot camp UNMOUNTABLE_BOOT_VOLUME
  • “there is no operating system installed in this virtual machine” (That’s from Parallels)

The “Right” Partition

Here’s what I now know. Editing boot.ini may or may not work. In my case (with Windows XP) it definitely did not. Prior to embarking on this journey, you need to decide ahead of time what to install on the first two partitions, because the third has to be Windows. In Disk Utility, partitions start from the top:

Disk Utility Partition Map

I’m pretty sure Windows must be installed on the third partition. It’s either that or the second one. For me right now, the third partition has done the trick.

Now, with a working WIndows install, I know how to verify the number in the boot.ini file. It does in fact correspond to the partition number as specified in the output of diskutil list, and/or df. It’s one greater than the number you’d expect if you were just going by Disk Utility’s GUI. Here’s the output from the quad-booting laptop as it is now, showing it as partition #4:

Last login: Sun Jun 13 19:22:13 on console
Macintosh:~ gslepak$ diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *200.0 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Snow Leopard            49.7 GB    disk0s2
   3:                  Apple_HFS Leopard                 32.6 GB    disk0s3
   4:       Microsoft Basic Data Windows                 29.2 GB    disk0s4
   5:                  Apple_HFS Tiger                   20.6 GB    disk0s5
Macintosh:~ gslepak$ df
Filesystem    512-blocks     Used Available Capacity  Mounted on
/dev/disk0s2    97069312 23384096  73173216    25%    /
devfs                218      218         0   100%    /dev
map -hosts             0        0         0   100%    /net
map auto_home          0        0         0   100%    /home
/dev/disk0s3    63741456 24106640  39634816    38%    /Volumes/Leopard
/dev/disk0s4    57012216 29356408  27655808    52%    /Volumes/Windows
/dev/disk0s5    40174016 15283088  24890928    39%    /Volumes/Tiger

Stubborn Tiger

Not to be outdone by its Redmond counterpart, Mac OS 10.4 Tiger turned out to be even more difficult to install.

First, the install disk that came with the computer (which had 10.4.9) refused to be recognized. It spun for a little while and was then spit out. So I inserted it into my PowerMac figuring I could just install over Target Disk Mode, but it refused to run because Apple watermarks these DVDs so that they only work on the exact same kind of computer.

Fortunately, I had another Tiger install disk that did work with any Mac. It was only after the installation finished (over Target Disk Mode, again), that I realized it was a PPC-only install, causing the Intel laptop to kernel panic on boot.

Feeling defeated, I went for a jog, during which I realized that I could insert the Intel install disk into my Unibody MacBook Pro, copy it onto an external hard disk, and boot off of that, thereby bypassing the flaky SuperDrive on the old MacBook Pro.

That outta do it, right?

Tiger's Stripes

And it did! Now I just had to figure out what to do about the crazy blue and black stripes on the screen that made it impossible to see the installer.

You see, this laptop, like most of its kind, was affected by the infamous NVIDIA 8600GT bug that completely wiped out its display capabilities. Apple kindly replaced the logic board but, in doing so, apparently killed its compatibility with Tiger.

You would think that by this point any sane person would have called it a day, but it was far too late for me. My OCD was in overdrive, and I had become sort of obsessed with solving this problem. Failure was not an option… not yet at least.

Verbose mode showed the following error:

GFX0 matching specific fails

Google wasn’t very helpful here unfortunately, but I figured that there was a missing or outdated graphics driver. So I spent some time copying and replacing kernel extensions from my Leopard install (which had finished without problems) into the Tiger installation drive. This took a rather long time, as each time I changed a kernel extension I had to reboot to see if the fix took. I had to replace them one at a time so as to avoid potentially compounding the problem (as kernel extensions have dependencies).

Sidenote: If you ever find yourself switching out kernel extensions, don’t forget to delete the cache files ‘Extensions.mkext’ and ‘Extensions.kextcache’ each time you do. These files may or may not be present in the /System/Library folder, depending on the OS version.

Eventually I realized this was stupid, because I could simply run the OS install by running the OSInstall.mpkg from within Snow Leopard:

OSInstall.mpkg

The installer ran (and hung at the end, of course) but it looked like it had installed everything that was necessary so I rebooted again from the Tiger disk.

I should mention that sometimes the disks that I needed to boot from did not appear in the Startup Disk preference pane, despite being bootable. I got around that by running the bless command on the volume:

sudo bless --mount /Volumes/Tiger --setBoot --nextonly

I booted into Tiger and again was greeted with its unreadable blue stripes, and by now the all too familiar setup theme music. Curses!

I decided to install the 10.4.11 Combo Update from Snow Leopard, thinking it might contain the proper drivers. The download link on Apple’s site was broken, but by this point the random problems no longer surprised me. After some searching I finally found a working link to it. Too bad though, the update did not fix the problem.

It then dawned upon me that this was all a test. God was testing me, to see how badly I wanted to install the outdated operating system, and whether I really did possess the geek-credentials I claimed to have.

So I went back to the old plan of replacing kernel extensions.

I copied a bunch of extensions over from Leopard that I thought might fix the problem without causing too many dependency issues. While that did get rid of the error message, and Tiger no longer sported blue and black stripes, instead, I saw only the black and white text of the verbose screen while the Tiger setup music played in the background, taunting me.

I proceeded to replace the kernel extensions with the originals, one-by-one, hoping to find the one that was responsible for the missing error message. After what had to be at least an hour I finally noticed it: the GFX0 error message was back, and it was after I had replaced NVDAResman.kext with its original.

Intrigued, I restored the entire Extensions folder back to its original state and replaced just NVDAResman.kext.

Tiger Install Success!

Success!!

Almost! There was one loose-end left to fix. After logging into my account on Tiger, I got a couple of error messages complaining about NVDANV50Hal.kext and GeForce.kext not loading properly. Simply removing them from the /System/Library/Extensions did the trick, with no noticeable ill effects (I tried replacing them with the ones from the Leopard install, but that didn’t work).

As a finishing touch, I used iPartition to shrink the Tiger partition. This way I won’t have to run iDefrag on it if I decide to install additional operating systems in the future (like 10.7). Here’s how it looks in Disk Utility:

Final Partition Map

Hopefully this post will save someone a headache, or two. 🙂

Espionage 2.7 Released!

The changes below include the changes for 2.7.1 and are marked as such.

We’re pleased to announce the release of Espionage 2.7, as usual, here’s the complete list of changes, followed by some of the key improvements:

  • NEW: Espionage can now import sparseimages and sparsebundles, converting them to folders.
  • NEW: Espionage now prevents the symlink from being moved, deleted or renamed when a folder is unlocked.
  • NEW: You can now send a folder to Espionage by using the Lock Folder contextual menu item (10.6 only)
  • IMPROVED: Espionage will try to unlock a folder a second time upon failing the first time to compensate for a bug in OS X.
  • IMPROVED: Added helpful troubleshooting tips to some dialogs.
  • IMPROVED: Now you can have apps within autounlocked folders be delayed-launched
  • IMPROVED: Check to make sure there’s enough space on the drive before encrypting a folder.
  • FIXED: Issue on 10.6 where you couldn’t re-lock a non-encrypted folder using the contextual menu
  • FIXED: Registration issue with licenses having ‘+’ in their email.
  • FIXED: In some situations a folder could be added to Espionage skipping the folder’s integrity check
  • FIXED: LCC installer didn’t remove old files, so updated check to take this into account
  • NEW (2.7.1): Application template for Google Chrome
  • IMPROVED (2.7.1): Ensures Espionage is forground app when adding a folder to it
  • CHANGED (2.7.1): Changed default filesystem to HFS+J
  • FIXED (2.7.1): Size check issue that could report a folder as being too large to encrypt
  • FIXED (2.7.1): Rare situation where the license type could be missing in the registration window
  • FIXED (2.7.1): Registration issue with licenses having ‘+’ in their email. (this time for good)
  • FIXED (2.7.1): Issue that could occur when renaming encrypted folder to a name that has forward-slashes
  • FIXED (2.7.1): Check for folder-in-folder encryption conflicted in rare situation with folder rename

Overview of Significant Changes

Sparseimage and Sparsebundle Import

If you have a sparsebundle or sparseimage with existing data encrypted in it, you can now turn it into an encrypted folder in a snap.

Just move the disk image to wherever you want the folder to be (for example here we’ve moved the sparsebundle onto the Desktop), and then drag it onto Espionage:

You’ll get this new prompt asking whether you’d like to turn it into an encrypted folder:

Click “Yes” and then simply enter the disk image’s password and you’re done! 🙂

By the way, if you’re a Knox user considering making the switch, you can now get a large discount on Espionage! Just see its homepage for details.

“Lock Folder” Contextual Menu improved for 10.6

Previously the “Lock Folder” contextual menu did not lock non-encrypted password-protected folders on Snow Leopard. Now, not only does it do that, but you can use it to send folders that aren’t already under Espionage’s protection to Espionage.

Enjoy! 😀

Existing iPhone Apps Breaking the TOS

Wow. It looks like someone made a Google Docs spreadsheet of existing iPhone applications breaking the TOS.

Some of these “sub-standard” applications appear to include:

It will be interesting to see how Apple responds to this. If they ignore it, is that essentially a green light to break their TOS, so long as you’re not on their shitlist and your name doesn’t begin with an ‘A’ and end in ‘dobe’?

This type of selective enforcement and hypocrisy does not breed developer loyalty and trust, rather, it fosters animosity and FUD.

Just in case the Google Docs link goes down here’s a mirror: (PDF | XLS).

Steve Jobs’ Response: A Brief Followup

The attention that yesterday’s post received is astounding, but unfortunately from the looks of it a lot of people seem to have a poor understanding of the situation. I feel compelled to address some of the sticking points.

On MonoTouch and other 3rd Party Tools

Some people appear to be under the mistaken impression that these changes are designed to prevent Java-like “non-native” UIs on the iPhone.

To be clear, the situation on the iPhone is completely different from that of the Mac. From the user’s perspective, you cannot tell the difference between an application written using MonoTouch or NimbleKit or Unity3D (non-Apple sanctioned tools that allow developers to code for the iPhone in non-C languages), and those written using Apple’s tools and Objective-C.

They look and feel exactly the same.

This is because they’re all using Apple’s UIKit to display the UI. In the case of Unity3D, which produces OpenGL games, you can’t tell whether the game was made using Unity3D or directly in Xcode, so it’s dubious that this is solely about “quality control” and keeping a uniform UI. If that was their sole motivation they could simply mandate that all non-OpenGL user interfaces make use of the native Cocoa frameworks and widgets.

Is it possible that these applications might be somehow better, perhaps faster, were they written directly with Apple’s tools? Maybe. Is that reason enough to outright ban them though? There are already hundreds of apps on the AppStore built using Unity3D, some of which are best-sellers.

There appear to be rumors online that even the Tap Tap Revenge game that Steve demoed during the iPhone 4.0 keynote is partially written in the Lua programming language. Oops.

It’s not surprising though (if true), because many popular games use a non-C scripting language for their game’s logic. It’s a versatile and common practice that gives developers (and even users) flexibility and creative freedom.

Whether Apple will remove these games I don’t know (I doubt it really). If they don’t, it’s hypocrisy because the wording of Section 3.3.1 clearly forbids it, and if they do then a bunch of great apps get pulled, a bunch of great developers get screwed, and a bunch of users are left disappointed. Even if they don’t pull these apps, Section 3.3.1, in its current state, is likely to deter future developers from taking advantage of these powerful techniques.

On Firefox

Many commenters seemed to be confused as to why I brought up Firefox. That discussion was tangential to the issues with Section 3.3.1. Steve referred to the “intermediate layers” that have existed on the Mac, suggesting that they all ultimately lead to sub-standard applications:

We’ve been there before, and intermediate layers between the platform and the developer ultimately produces sub-standard apps and hinders the progress of the platform.

Though there is truth to that I feel it is only half the story.

The question isn’t whether you agree or disagree about the quality of cross-platform applications, but whether they should be allowed to exist on a platform at all (please don’t forget we’re still talking about the Mac, not the iPhone, where most, if not all, 3rd party toolkits produce native-looking applications).

As far as the Mac is concerned, I’m grateful for the existence of high quality cross-platform software such as Firefox. A lot of people were puzzled at why I chose Firefox as an example of high-quality cross-platform software, the reason is simple: it fulfills my needs for web browsing better than every other web browser.

Only because so many people brought it up, here’s a brief list of features that explains why I feel this way, and please note that I consider the availability and quality of plugins/add-ons as part of the browser’s whole:

  • The Firefox AwesomeBar is awesome. It’s like Spotlight for your web browser.
  • Firefox’s bookmarks allow both tags and descriptions, which I make heavy usage of.
  • I love Firefox’s find-as-you-type feature.
  • I can drag my Firefox data folder to any machine on just about any operating system and everything will just work there.
  • I’ve noticed that Firefox uses far less RAM than Safari on my MacBook Pro. Where Safari will use upwards of 1.5GB of RAM, Firefox will use only about 800MB for the same “level of browsing,” and it’s far better about clearing that out when you close windows. To those who claim the opposite to be true, I suggest you delete your Firefox application support folder and reinstall the latest version.
  • Firefox’s diverse and remarkably powerful addons are my #1 reason for using it. Many of the addons that I use have no equivalent on other browsers, and this simply seals the deal for me. Some of my personal favorites, in no particular order, include: Tab Mix Plus, ProxyButton, Session Manager, URL Link, WikiLook, Adblock Plus, BlockSite, DownloadHelper, Firebug, and Greasemonkey.

Why does Firefox have so many awesome add-ons while Safari and other browsers do not? Oh, that’s right, it’s because Firefox runs on just about every operating system, and the addons are cross-platform as well. Firefox’s users thereby reap the benefits that an open platform and an army of developers provides.

Sure, Firefox doesn’t integrate with OS X’s Services and other Cocoa-only things, but for me it more than makes up for those relatively benign flaws, and I’m grateful to have it prominently displayed in my Dock.

EDIT: It appears the latest versions of Firefox do integrate with OS X’s Services. Some minor Cocoa functionality still appears to be missing (like the Dictionary lookup shortcut, though there are add-ons for that), but this is certainly a pleasant surprise. I could only find this two year old article referencing the changes.

Conclusion

Don’t let the digression on Firefox fool you into thinking that I’m demanding Apple allow XUL apps like Firefox on the iPhone. That’s not what Section 3.3.1 is about.

Section 3.3.1 bans applications that look and behave like all the other “native” apps on the iPhone, but are “originally written” in languages other than C/C++/Objective-C. Details here and here, and there’s also this excellent 37signals post.

Update (4/12/10): Existing iPhone Apps Breaking the TOS

Update (9/10/10): Eventually, Apple updated and relaxed their terms.

Steve Jobs’ response on Section 3.3.1

After posting my reaction to clause 3.3.1 of the iPhone SDK terms I decided to write Steve Jobs the following email:

Hi Steve,

Lots of people are pissed off at Apple’s mandate that applications be “originally written” in C/C++/Objective-C. If you go, for example, to the Hacker News homepage right now:

<http://news.ycombinator.com/>

You’ll see that most of the front page stories about this new restriction, with #1 being: “Steve Jobs Has Just Gone Mad” with (currently) 243 upvotes. The top 5 stories are all negative reactions to the TOS, and there are several others below them as well. Not a single positive reaction, even from John Gruber, your biggest fan.

I love your product, but your SDK TOS are growing on it like an invisible cancer.

Sincerely,
Greg

His response:

We think John Gruber’s post is very insightful and not negative:

http://daringfireball.net/2010/04/why_apple_changed_section_331

Steve

Of course he was right, I had somehow missed that post by Gruber, having only read the original. Gruber’s second post, which Jobs appears to be endorsing here, is indeed, very insightful, and may explain Apple’s motivations for the updates to section 3.3.1.

That said, I did not, and still don’t, consider those reasons to be very good, so I sent a reply in kind:

Sorry. I didn’t catch that post, but I finished it just now.

I still think it undermines Apple. You didn’t need this clause to get to where you are now with the iPhone’s market share, adding it just makes people lose respect for you and run for the hills, as a commenter to that article stated:

“So what Apple does not want is for some other company to establish a de facto standard software platform on top of Cocoa Touch. Not Adobe’s Flash. Not .NET (through MonoTouch). If that were to happen, there’s no lock-in advantage.”

And that makes Apple evil. At least, it does in the sense that Google uses the term in “don’t be evil” – I believe pg translated “evil” as something along the lines of “trying to compete by means other than making the best product and marketing it honestly”.

From a developer’s point of view, you’re limiting creativity itself. Gruber is wrong, there are plenty of [applications] written using cross-platform frameworks that are amazing, that he himself has praised. Mozilla’s Firefox just being one of them.

I don’t think Apple has much to gain with 3.3.1, quite the opposite actually.

Sincerely,
Greg

Within about 3 minutes a second reply graced my inbox:

We’ve been there before, and intermediate layers between the platform and the developer ultimately produces sub-standard apps and hinders the progress of the platform.

With replies this short (understandably, of course) I can only guess at his meaning. Perhaps he’s referring to the days when some applications were being written with CodeWarrior and various other build systems. Or maybe he’s referring to the transition from Carbon-based applications to fully Cocoa applications (like Apple’s own Finder), or applications that were written using Macromedia’s Shockwave, or applications written in pure Java or those written in the now-defunct Java-Cocoa bridge. Perhaps it’s a bit of all of these.

Sure, many of the apps written using these systems aren’t very pretty, but can you imagine a Mac without Mozilla’s Firefox? Or a Mac that couldn’t run applications written in Python, Ruby, Java or a myriad of other languages? You would probably consider such a Mac severly handicapped. I don’t believe the existence of these in any way hampers Apple’s ability to progress the Mac platform, to the contrary, they enhance it. The existence of some sub-standard applications should not remove our ability to use those works of art that just so happen to be written without the aid of Apple’s tools.

I have nothing against Apple’s desire to enforce “quality applications”, but there are far better ways of going about it. Mandating that applications be “originally written” using Xcode and the C-based languages is just foolish as it does not magically create quality. What it does do, as I explained previously, is send developers running for the hills, or more specifically, to competing platforms where they have more creative freedom.

Does Section 3.3.1 help Apple in any way?

Gruber makes several claims:

So what Apple does not want is for some other company to establish a de facto standard software platform on top of Cocoa Touch. Not Adobe’s Flash. Not .NET (through MonoTouch). If that were to happen, there’s no lock-in advantage. If, say, a mobile Flash software platform — which encompassed multiple lower-level platforms, running on iPhone, Android, Windows Phone 7, and BlackBerry — were established, that app market would not give people a reason to prefer the iPhone.

And, obviously, such a meta-platform would be out of Apple’s control. Consider a world where some other company’s cross-platform toolkit proved wildly popular. Then Apple releases major new features to iPhone OS, and that other company’s toolkit is slow to adopt them. At that point, it’s the other company that controls when third-party apps can make use of these features.

There is truth to this, but I think it’s absurd to think that a third-party toolkit that failed to keep up with Apple’s APIs and produced poor quality apps would ever be popular. Why would users and/or developers willingly choose to use an inferior product? And if they do, so what? No one is forcing you to use them. Further, the vast majority of applications written for the iPhone *have* been written using Apple’s tools, before these changes were made to Section 3.3.1.

Are these imagined advantages worth the consequences?

Many (if not most) developers do not view a company that is blatantly trying to “lock them in” favorably. It is not a virtue that people respect. If I were to write an app for the iPhone, I would choose the tools that I deemed “the best”, voluntarily, and that probably means I’ll use Objective-C and Xcode. But the notion that those are the only tools that I’m allowed to use scares me, and it seems, many others.

The iPhone is the #1 smartphone because people *like it*. They chose it based on the quality of the product itself, and developers flocked to it because of its popularity and its amazing tools. There was no need to lock anyone in, Apple got to where it is on merit, and that’s respectable. Trying to forcibly lock users and developers into the platform is a sign of insecurity.

Everyone fears The Ignorant Boss

For developers, this is the person who knows nothing about programming yet insists that you use X tool and write it in Y language. Now, suddenly, it is as if the formerly independent iPhone developers all have such a boss, and the worst part is that they can’t even communicate with this one. He lives several thousand miles away in Cupertino and isn’t even aware of their existence or anything related to their project.

Gruber goes on to discuss the impact Section 3.3.1 has on the user’s point of view:

I can see two arguments here. On the one side, this rule should be good for quality. Cross-platform software toolkits have never — ever — produced top-notch native apps for Apple platforms.

Ignoring the fact that Gruber is making objective that which is totally subjective, this is just plainly untrue.

One of my favorite applications on the Mac is Mozilla’s Firefox, and certainly my favorite web browser. I think it beats the pants off Safari. As this is not a review of Firefox I won’t get into the details, but I will point out that Firefox is written using a cross-platform software toolkit.

A friend of mine is a musician who thinks the world of Ableton Live (also written using a cross-platform software toolkit), while deriding Apple’s Logic Pro as “lackluster.”

Without question these are all examples of “top-notch” software written using cross-platform toolkits. There are hundreds of others. Much of the software that’s hidden from view and supports the foundations of Mac OS X itself is software that is written using cross-platform toolkits, and all of these are “native” in the sense that they run just as fast as software using the Cocoa frameworks. Some might have widgets that look different, but so do most iPhone games written in accordance to Apple’s rules, should we ban them because of it? That would be absurd and tantamount to software-racism!

I sent a final response to this effect:

The Mac has only been helped by the fact that Firefox, Ableton Live, and hundreds of other high-quality applications can run on it thanks to the fact that developers have a choice as to what tools they can use on it.

Crappy developers will make crappy apps regardless of how many layers there are, and it doesn’t make sense to limit source-to-source conversion tools like Unity3D and others. They’re all building apps through the iPhone developer tools in the end so the situation isn’t even comparable to the Mac where applications can completely avoid using Apple’s frameworks by replacing them with others.

In my opinion, 3.3.1 only serves to make the platform less attractive to legitimate developers, giving them reason to write their software for competing platforms instead.

Thanks for considering this.

Sincerely,
Greg

Apple is free to write whatever absurd rules they want for their SDK, but in doing so, I think the “creative company” is undermining creativity itself, and at its own expense.

The full text of this exchange with headers (sans the final reply), is right here.

Update (4/11/10): Steve Jobs’ Response: A Brief Followup

Update (9/10/10): A few months after this posting, Apple updated and relaxed their terms.

Dear Apple: The iPhone deserves better SDK terms

Outrage over this little clause in the new iPhone developer SDK terms is erupting all over the internet:

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

And rightly so.

On our About page we explain why we develop software for the Mac:

We believe that Apple has created an environment where great software can really thrive.

I still feel this way about the Mac, but I no longer consider the iPhone or the iPad worthy of such sentiment because of the draconian terms under which one must operate to develop for those platforms.

What Apple’s engineers have done with the iPhone is amazing. They’ve simply outdone themselves when it comes to the quality of both the software and the hardware. However, I no longer think Apple can continue to honestly claim that they have the best phone around. Steve Jobs and Apple’s legal department have taken a figurative dump on their hard work with these insane restrictions, and that creates an foul odor that stains the product as a whole.

Missing Applications

The new rules, interpreted as written, ban all kinds of applications written by great folks who have put in countless hours of work developing for this platform.

Games developed using the great Unity3D engine are not “originally written” in Objective-C, C, or C++.

The incredible work that James Long put into creating what is probably the first-ever OpenGL game written in Scheme on the App Store, is now thrown into question.

With these terms, Apple is going against its own Think Different model, destroying creativity itself through the enforcement of a monoculture of developer tools. They are effectively saying that you can be creative, so long as you’re creative our way, an absurdity known in psychology as a double bind.

Developers Running Away

The SDK terms are not just insulting, they’re bad business. Great developers like Tim Bray are forsaking the iPhone platform out of disgust and running to Google’s Android platform. Dan Grigsby of Mobile Orchard just announced they’re abandoning iPhone development because of these restrictions.

Despite my familiarity with Apple’s tools and the language Apple insists developers use, at the present time I can’t envision myself writing an app for the App Store, because in clicking that Agree button on the license terms I suddenly find myself feeling like an infant, as though I can no longer be trusted to make basic decisions and must therefore be locked in a crib surrounded by child-proof toys and bars.

For companies like Google, all of this should be good news, because despite its shortcomings, Android’s relatively open platform is starting to look far more inviting.