So Affinity Photo is making all kinds of requests from the Macs it's installed on. Don't know why it does that, but it's not good.
On the Mac sandbox the ability to make client requests is a boolean: all or nothing. Since most apps like to connect to get additional resources/whatever, it's usually on, right? As a result: zero protection against this.
https://mastodon.ar.al/@aral/113759435866651420
This is why I've been putting so much thought into outgoing net requests for #Dropserver. It's hard to get right.
1/
=> More informations about this toot | More toots from teleclimber@social.tchncs.de
While there are technical challenges related to the sandbox, especially when dealing with different platforms (like Mac and Linux) the real challenge is having a good enough DX (for the app dev) and UX (for the app user) to allow/deny requests.
At the very least, an app should not be able to dial out willy nilly to a bunch of random domains. Also, it should be blocked from dialing out to local / private IPs unless explicitly allowed.
2/2
=> More informations about this toot | More toots from teleclimber@social.tchncs.de
text/geminiThis content has been proxied by September (ba2dc).