Normal Users Don’t Code On Their Mac, But Apple Keeps Trying

Most people use their computer to run pre-packaged programs: usually a web browser, games, or office applications. Whether the machine is a PC or a Mac, they don’t generally write their own software. For them, the computer is an appliance, and they do what their computer allows them to do.

It shouldn’t have to be that way, if only programming were easier. The Eclectic Light Company has a fascinating article looking at the various attempts that Apple has made to lure their users into creative programming.

Probably the most familiar of them all is AppleScript, with its origins in late 1993. Or maybe you’re thinking of Hypertalk, the scripting component of 1987’s Hypercard. That would go on to be a mainstay of mid-1990s multimedia software, but while it’s fallen by the wayside it’s AppleScript which still has support in the latest MacOS.

The biggest surprise for us lies in the forgotten products. 1989’s Prograph graphical language looks amazing. Was it simply before its time? In the modern era, Apple describes the reach of Shortcuts diplomatically: “its impact has so far been limited”.

Maybe the most forward-thinking line on programming from Apple came in 2007, even if it wasn’t recognized as such. The original iPhone didn’t have any third-party apps, and instead developers were supposed to write web apps to take advantage of the always-connected device. Would that be such a bad piece of advice to give a non-developer writing software for their Mac today?

Neutering The Apple Remote Desktop Exploit


Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.