Talk:Quartz Composer

WikiProject Apple Inc. (Rated Start-class, Low-importance)
This article is within the scope of WikiProject Apple Inc., a collaborative effort to improve the coverage of Apple, Macintosh, iOS and related topics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Start-Class on the project's quality scale.
This article has been rated as Low-importance on the project's importance scale.

What is safe?

"Custom patches using Apple's Xcode template are always considered unsafe." Does this make sense? If Apple's templates are unsafe, which ones are not? Pstdenis (talk) 23:09, 15 January 2009 (UTC)

  • It could probably be better phrased, but it makes some sense. It is not Apple's Xcode template ..., but Apple's Xcode template... In other words, the ones people make themselves. Mlewan (talk) 19:42, 16 January 2009 (UTC)
  • Chiming in here, at risk of some taintage: Apple's template for QC patches (included with Xcode) has no provision for "safe" plugins. However, there are non-Apple templates that can mark themselves as safe. One such template is the Kineme one (I'm one of the developers of that template, hence the potential conflict of interest on my end) -- This reference: http://fdiv.net/2007/05/08/xcode-template-for-custom-quartz-composer-patches/ points to an extremely early version of this template. Feel free to clear it up as y'all see fit (or ask for more details :) Xtophyr Wright (talk) 21:14, 16 February 2009 (UTC)
  • Chiming in more, ARE there any "Quartz Composer Trojan Horses" out there? QC allows one to make sub-patches that can execute (I suppose) arbitrary JavaScript code - or perhaps even Cocoa code included as a dylib or something in the QC document package (I haven't messed with it enough to know either). Even with just JS, a malicious hacker might be able to do some damage, unless QC runs the JS in a sandbox that cannot mess with the outside environment, or alerts the user IF AND ONLY if the JS tries to get information from outside the sandbox. (Grumble about Apple's arguably flawed "File Quarantining" - which will train users to just click through another "well intended but annoying" dialog. Anyway, it is NOT a "quarantine" - because there is NO way that I know of for the system to absolutely determine if a file IS safe - whether or not the USER trusts it - the whole POINT of Trojan Horses is to get the user to trust them. Now, if Apple could REALLY "quarantine" a file in a sandbox for long enough to ensure that it would NOT mess with anything that it shouldn't... That might work) —Preceding unsigned comment added by 216.9.142.228 (talk) 00:27, 5 May 2010 (UTC)