This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Sandboxing Implications and Future Plans - Clarification Requested

kirbysdl Junior Member
edited November 2011 in Mac
I'm a happy user of 1Password on Leopard and Snow Leopard. As the "go to geek" in my family, I've recommended 1Password to others, who have now become happy customers as well. Only recently have I stopped recommending 1Password, as a sign of my uncertainty in its future.



1Password seems to be headed pretty steadily in the Mac App Store (MAS) direction. v3.5/3.8 from the Agile site will be supported for some time, but there don't seem to be future major releases other than at the MAS.



Agile's mentioned in this [url="http://arstechnica.com/apple/news/2011/11/apple-pushes-back-sandboxing-deadline-as-devs-struggle-with-tradeoffs.ars"]article on Ars[/url] that talks about the sandboxing requirements:



[quote]

"We're on board with the approach that customers shouldn't have to care about things like where their files are," Agile Bits spokesperson David Chartier told Ars. "Now that we've implemented it, down the road it's going to eliminate a ton of customer service problems for us, such as people putting their password store in a nonstandard place and then end up accidentally putting it in the trash or deleting it."

...

"A small portion of our power users are upset [about the change]," Chartier said, "and I think there are a few things Apple could do better to make things easier on both sides. But in general, we like the idea of sandboxing because its advantages in general security and simplifying things for the end user are worth it."

[/quote]



I'm wondering the following:



1) Isn't there a way to make life easy for most users while simultaneously supporting power users and existing functionality? Reasonable defaults for most users should be easy to implement regardless of sandboxing. When I read the paragraphs quoted above, I couldn't help but read between the lines that the imagined benefit was smaller support overhead. Clearly, the move wasn't targeting improved customer experience. Additional security restrictions pretty much [b]never[/b] result in improved customer experience.



2) What if general users, not only power users, are negatively affected by this change? [url="http://support.agilebits.com/discussions/1password-in-mac-app-store/518-caution-391-might-be-losing-your-passwords"]Support threads like this[/url] point to problems stemming from sandboxing.



3) Like any other company, Apple often releases things and proceeds to refine them further. It's not an attack on Apple but just the way things work. Early adopters are effectively guinea pigs. Why did Agile jump on this bandwagon so quickly, even while Chartier admits that the system needs work? It's not like these policies have received general acclaim:



John Siracusa said, "I think Apple has a long way to go to provide equivalent new APIs for all the stuff Mac apps currently do the 'old, insecure' way."



[url="http://blog.wilshipley.com/2011/11/real-security-in-mac-os-x-requires.html"]Wil Shipley wrote[/url], "The problem Mac developers are facing is that the two that Apple is enforcing on the Mac App Store (Sandboxing and Code Auditing) are implemented currently to be actively bad for developers and not particularly good for users."



4) What if the MAS ends up being the wrong place for 1Password? Is Agilebits in "Damn the torpedoes, full speed ahead" mode? Is moving back to independently-distributed releases anywhere on the radar, or even within the realm of possibility? It's not often a company has the guts to admit a move may have been wrong or premature, yet the 1Password migration to MAS seems to be just that.



5) What specifically are the changes to functionality resulting from the sandboxing changes? The Ars article says about Agile, "[It] took some work on the company's end, including a removal of some functionality and flexibility from the software ..." While most users may be unaffected by these changes, it would be a welcome gesture of openness and honesty to publish these changes, rather than have power users receive the rude awakening of discovering this lost functionality on their own, especially after purchasing a separate license for the new version. Without open, honest communication about changes in functionality, it's left to customers to wonder why their apps don't work the way they anticipate, as seen in the support thread linked to above.



I hope to continue to be a happy customer, and to refer others to Agilebits products. However, I'm concerned by the rose-colored perception given by Agile's public remarks. I'm concerned by the reports of actual users who have upgraded to the MAS version of the software. I'm concerned that Agile is a little too quick to jump on unproven technology, too quick to play ball with Apple's rules, and too quick to charge people for the results of such experiments.



Thank you for your understanding.

Comments

  • hmurchison Junior Member
    1. The only problem here is one of numbers. How many people are really having an issue with the default location for the keychain versus those that couldn't care less? Much like a car engine, the owner of a vehicle doesn't have to give a rip about whether he/she has 4 cylinders or 8; they just expect the car to start and run when they turn the key. Sandboxing reduces the amount of places that data can be written to, but by the same token it's reducing these variables, and that's what Chartier was talking about. Do power users take a hit? Sure, some of them do, but the simplification of where the data resides is certainly beneficial to many end users as well as Agile.



    2. Reading that thread you cannot really substantiate if that's a sandboxing issue or a database issue. If passwords are being deleted then I'd have to believe the first place to look at is the data store and look for possible corruption.



    3. Agile jumped in early but the risk was mitigated by the fact that 1PW 3.8.x is still being actively developed.



    4. Hasty Generalization. It's plausible that Agile has looked at the ramifications of the MAS and will continue to do so and decide on what path is best for their customers and company. Whether the move to MAS is wrong or premature is one of opinion and metrics. For the power user it may seem negative because of changes in functionality but for Agile they could be seeing an uptick in sales from the move. They are likely judging the efficacy of the MAS move from a wholly different set of criteria than the end user.



    5. There was a decent FAQ posted but I can't find it. In addition to the more rigid storage of location, the ability to switch between two keychains was gone, bookmarklets are no longer available because of Blowfish licensing, I believe, and some other features.



    We'll see how things turn out but I'm encouraged by Apple delaying Sandboxing as a requirement until next March. That's Apple listening and likely there will be subtle changes that will bring some needed features back but that's me guessing.
  • roustem AgileBits Founder
    [quote name='kirbysdl' timestamp='1320711130' post='53808']

    5) What specifically are the changes to functionality resulting from the sandboxing changes?

    [/quote]



    The major change that was made because of the sandboxing is the location of the 1Password data file. Previously it was possible to keep the data file pretty much anywhere because 1Password was allowed to access your entire file system. With the sandboxing there are just two pre-defined locations where the data file can be stored (the ~/Library/Containers subfolder and the ~/Dropbox folder).





    If you have access to WWDC videos, I encourage you to see the "Introducing App Sandbox" session.



    Sandboxing is a great technology and it will make the life of the Mac users better. I really hope that Sandboxing will succeed or we will end up in the same boat as Windows users, clicking Cancel-or-Allow and buying "antivirus" apps.
  • MartyS AgileBits Customer Care (retired)
    In addition to Roustem's sentiments, I would also suggest that anyone ("geek" or otherwise) that is interested in knowing the differences between 1Password 3.8.x from the AgileBits web site and 1Password 3.9.x from the Mac App Store should [url="http://forum.agilebits.com/index.php?/topic/8068-official-answers-1password-and-the-mac-app-store/"]read the FAQ[/url] that we put into place either just before, or just as we saw Apple approve our 3.9.0 release. We (myself included as one of the authors) tried to be as inclusive as possible in the list of differences so that no one should be caught off-guard.



    While that FAQ is now actually a little dated (Firefox 5: what's [i]that[/i]? :)), we've left it unchanged for quite a while now so that no one would say "You didn't say that originally!" — we actually did. :) If anything significant was left out of the list it was purely unintentional. We believe that our customers have a right to know what to expect.
  • hmurchison Junior Member
    I'm not entrusting my credit card information to just anyone. Agile supporting Sandboxing, even with some modifications, is overall a good thing to me.



    I'm not really understanding the push back on MAS support. It's almost every day that I see a new vendor moving MAS only. I think developers are being coerced but rather realizing they got into the business to develop great software ... not run payment processing and ecommerce.



    It'll be interesting to see what changes happen from the delay of mandatory sandboxing to March 2012. Perhaps some more features or at least guidance happens before then.
  • 1Password is not MAS only. Depending on the version you are after (windows, mac, android, ipad, iphone) you potentially have 3 stores to choose from (Agile, MAS, App Store). I await with interest the day when you go to MAS, complete with its sandboxing requirements, to buy the Windows version.



    But then I'm just being contrarian given that I think people go into business to make money. Great software merely increases your chances of making money.
  • Ben AWS Team
    edited November 2011
    [quote name='charlie98' timestamp='1320876019' post='53864']

    1Password is not MAS only. Depending on the version you are after (windows, mac, android, ipad, iphone) you potentially have 3 stores to choose from (Agile, MAS, App Store). I await with interest the day when you go to MAS, complete with its sandboxing requirements, to buy the Windows version.



    But then I'm just being contrarian given that I think people go into business to make money. Great software merely increases your chances of making money.

    [/quote]



    At the end of the day, we've gotta make a buck to pay the bills and put food on the table just like the next guy. That certainly isn't our only reason for wanting to make 1Password awesome though. 1Password is also "dog food" (see the Wikipedia article on [url="http://en.wikipedia.org/wiki/Eating_your_own_dog_food"]eating your own dog food[/url]). Many of the people (myself included) that you see working for Agile started out by being passionate 1Password users participating on these very forums, just like you folks.



    You are correct in saying that "1Password" is not a MAS exclusive. 1Password for Mac (our "flagship" product) version 4 will be, though.



    Thanks!

    Ben