HotKeys Again

Posted on May 18, 2012
Filed Under Commentary | Leave a Comment

First, I’d suggest reading Michael Tsai’s blog post on the hot key issue. I think he’s got the best post out there. I just wanted to expand a little bit to the comments I wrote relative to my post on the topic earlier this week. Part of the issue was that in a lot of the early news and commentary on the issue it really wasn’t clear what was meant by hot keys. Michael assumes it was just calls to RegisterEventHotKey. Which in hindsight is probably the more sensical interpretation to have taken. So I probably screwed up interpreting it a bit more broadly. (Although others did as well – which probably why there was so much confusion) 

Most of what makes hot keys potentially dangerous are already no-nos with the sandbox. The problem is with key loggers or the like. A key logger could simply set up regular keys as hot keys, save that they were typed, and then create an event for the front window with one of the CGEventxxx calls. (Caveat – while I’m a programmer, I’ve not done much Mac application coding. I primarily have done lower level stuff.) My understanding though is that this isn’t a danger since you can’t do CGEventPost calls in Mac App Store apps.

My original post really isn’t about this sort of potential malware. I think the mere act of having to go through hoops and have a real business to sell at the app store eliminates most malware. What’s left over isn’t going to be heavily limited if it manages to get through the approval process. It’s true Apple apparently has some program that scans for what APIs are used during the approval process. However that still only gets you so far.

While I do think the sandbox will limit malware I honestly don’t think it’s the main justification for the shift. Rather I think Apple just truly wants applications to be more independent. This is partially to avoid one application causing (despite the best of intentions) trouble in an other application. I honestly think Apple’s basic mindset – for better or worse – was set by how Flash behaved in Safari. I think they looked at that and thought that they’d like to lock things down more. 

The problem is, of course, that for most of us we want our Mac to do a whole lot more than our iPhone or iPad does. I think Apple was a bit naive in all this but has been listening to developer feedback. The problem is that Apple introduced the Mac Apps Store before figuring out how they’d like to limit things. Needless to say this has led to a slew of headaches and upset developers with Apple pushing their deadlines back and back again. Not to mention seriously changing the “holes” allowed in the sandbox.

What Apple’s really after though are the following:

• Limit what a malformed document can do within an application. (Witness what happens with Acrobat on Windows)
• Limit how one application can modify an other. (Most users just don’t understand a separate application suddenly changing how it looks or behaves)
• Have things behave in a predictable consistent fashion

Now I think sandboxing does help a little with regard to malformed documents. To a point. There will still be crashes and I’m sure hackers will figure out how to make use of even sandboxed applications. But it will be harder if those applications have pretty severe limits where they can write on the file system.

The bigger issue to my mind are the second and third points. Yes hot key trapping typically is used within an application just to affect that application and in a fairly limited way. And yes, it is pretty common. My understanding though (and here’s where my ignorance of writing Cocoa code might be coming out) is that there typically are multiple ways to get that functionality. You don’t just need to use the hot key mechanism. (Now a moot point since apparently Apple’s still going to allow it)

Where you absolutely need the hot key mechanism is to fundamentally change how things behave. That is it’s not just a way for a key to do something within a particular application but globally. Now typically applications using hot keys for this do a lot more. For instance macro programs like Quikeys or Keyboard Maestro generate new events for things like mouse actions, typing or more. Key loggers obviously could do this as well. (I don’t think they actually do work that way – although maybe I’m wrong) 

Now macro programs are already not going to be allowed at the MAS. And my thinking really wasn’t ultimately about malware either. What I was worried about was trapping keys that users expect to behave in a predictable fashion. Since hot keys are a global intercept there is the potential to really thoroughly confuse naive users.

I know that any power user will be rolling their eyes at this point. The one thing I have realized after using an iPad and watching my wife and kids use it is just how important simplicity is for many users. It’s just not for me. I want all those cool macro programs and programs that provide new system level functionality. And I don’t mind installing them. In fact I try not to buy from the MAS both because more of the money goes to the developer but also because I want that external ecosystem to flourish. Naive users though don’t want to have to understand nuance with a program. They just want to buy it and have no surprises. It’s completely understandable to me for Apple to seek to provide that.

Comments

• Search

Try Amano Chocolate

• Recent Comments

  • Clark in ObjC to Javascript
  • Tim Yen in Google IO Thoughts
  • Clark in ReactiveCoreData
  • has in ReactiveCoreData
  • has in ReactiveCoreData
  • has in ObjC to Javascript
  • Google IO Thoug… in Comparing Siri and Google
  • Google IO : Cla… in Google vs. Apple Maps Revisited Yet…
  • Clark in ReactiveCoreData
  • MS to Buy Nook … in MS to Buy Nook

• Recent Posts

  • Evernote Scale Images
  • Evernotes Tips
  • MacStories on KM
  • On the Drobo
  • Starters Guide to iOS Design
  • How to Know iCloud
  • Different IO Take
  • Airplay Applescript

Archives

Select Month May 2013  (26) April 2013  (26) March 2013  (37) February 2013  (35) January 2013  (55) December 2012  (49) November 2012  (50) October 2012  (74) September 2012  (63) August 2012  (79) July 2012  (73) June 2012  (25) May 2012  (26) April 2012  (16) March 2012  (28) February 2012  (13) January 2012  (24) December 2011  (20) November 2011  (8) October 2011  (15) September 2011  (30) August 2011  (33) July 2011  (24) June 2011  (9) May 2011  (4) April 2011  (4) March 2011  (22) February 2011  (6) January 2011  (26) December 2010  (15) November 2010  (7) October 2010  (9) September 2010  (23) August 2010  (20) July 2010  (21) June 2010  (22) May 2010  (19) April 2010  (24) March 2010  (26) February 2010  (36) January 2010  (43) December 2009  (9) November 2009  (44) October 2009  (47) September 2009  (60) August 2009  (49) July 2009  (59) June 2009  (18) May 2009  (1) April 2009  (1)

Categories

Select category Apple TV  (19) Applescript  (82) Automation  (84) Backups  (7) BBEdit  (16) Blog  (17) Cocoa  (22) Commentary  (176) Contactizer  (4) Contacts  (15) Dashboard  (1) Day One  (6) Electronics  (3) Evernote  (5) Fonts  (5) Games  (2) Google  (3) GrandTotal  (5) History  (1) Home Improvement  (1) Humor  (3) iCal  (6) iPhone/iPad  (110) iTunes  (26) iWork  (2) Macro Programs  (12) Mail  (16) Maps  (5) MarsEdit  (8) NetNewsWire  (2) Parallels  (1) Photo  (5) Productivity  (17) Programming  (14) Python  (106) Reviews  (37) Safari  (3) SalesForce  (7) Science  (2) Sideblog  (873) Siri  (3) System  (78) TextMate  (12) Twitter – ADN  (15) Uncategorized  (18) Windows  (1) XCode  (19)

• Blogroll

  • Betalogue
  • Daring Fireball
  • Dr. Drang
  • Mac Achaia
  • Mac Rumors
  • Macdrifter
  • Michael Tsai
  • Planet Cocoa
  • TUAW

• Admin

  • Log in
  • Wordpress
  • XHTML