Re: OS X 10.8 Security & Applescripts - "unidentified developer"
Re: OS X 10.8 Security & Applescripts - "unidentified developer"
- Subject: Re: OS X 10.8 Security & Applescripts - "unidentified developer"
- From: "Houston, Brad" <email@hidden>
- Date: Mon, 20 Aug 2012 16:50:42 -0400
- Acceptlanguage: en-US
- Thread-topic: OS X 10.8 Security & Applescripts - "unidentified developer"
Title: Re: OS X 10.8 Security & Applescripts - "unidentified developer"
Ah, I wish I hadn’t put in those few words “and/or can’t evaluate what it will do”, which were an after-thought. The only responses, minus one, have gone after that one phrase, leaving the bulk of my point
untouched.
On consideration, it occurred to me that the conversation might have been concerning Apps, as for smart phones (about which I know nothing), while I was thinking of applescript application files (which
can be opened and evaluated for what they might do). If that was the case I withdraw my rant.
Security is always a touchy point, especially in an environment where some people glory in attacking others indiscriminately and anonymously, but I tend to come down on the side of the quote “Those who would sacrifice freedom for security deserve neither.”
Its not the signing I have a problem with, its the requirement being imposed on the 99.9% of those who are benign and just trying to help others, with the implicit possibilities for abuse of that beholding in the future once the target, us, have grown accustomed
to the idea that we must have permission of some entity to do what we could do before without permission. While that permission might be granted freely today (the honeymoon phase), it can be withheld tomorrow; strategy and tactics of modern business models.
Brad
On 8/20/12 12:09 PM, "John C. Welch" <email@hidden> wrote:
On 8/13/12 7:40 PM, "Alex Zavatone" <email@hidden> wrote:
>
>On Aug 13, 2012, at 6:59 PM, Shane Stanley wrote:
>
>>On 14/08/2012, at 6:41 AM, "Houston, Brad" <email@hidden> wrote:
>>>Stepping back a moment from dealing with the problems associated with
>>>compliance with this new demand, can anyone tell me how this is a
>>>benefit to the world of scripting.
>>It's not designed particularly for the "world of scripting". It's simply
>>a way that a user can, if they wish, check that an application came from
>>a potentially traceable source, and hasn't been tampered with by someone
>>else in transit. In the case of non-script apps, code-signing itself has
>>also been the basis of certain user conveniences when upgrading apps for
>>several years.
>>>If we don¹t trust a script, and/or can¹t evaluate what it will actually
>>>do, DON¹T RUN IT.
>>So how exactly do you evaluate what a script will do without running it?
>
>If you don't have access to the source, you can't.
I can get the source code to all kinds of things. It doesn¹t mean:
1) I have the knowledge of the language to read it correctly
2) I'm familiar enough with the specific implementation to evaluate what
I'm reading correctly
3) I know enough about all the possible interactions (short of running it
through a debugger for days at a time) to know what I'm evaluating is
actually doing.
"the source is available" is one of the best dismissals ever. but that's
all it is. Every time I read that, I actually see "I've no time to explain
anything to anyone not as smart as I".
--
³The Americans have need of the telephone, but we do not. We have plenty
of messenger boys.² ? Sir William Preece, Chief Engineer, British Post
Office, 1878.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden
The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If
the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have
received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. The McGraw-Hill Companies, Inc. reserves the right, subject to applicable local law, to monitor, review and process the content
of any electronic message or information sent to or from McGraw-Hill e-mail addresses without informing the sender or recipient of the message. By sending electronic message or information to McGraw-Hill e-mail addresses you, as the sender, are consenting
to McGraw-Hill processing any of your personal data therein.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden