rstewart@ccwf.cc.utexas.edu (Robert Stewart) (04/24/91)
This is a pretty long report on Gatekeeper 1.2. Almost all of it consists of direct quotes from the info sent out from Chris to all beta-testers. DESIGN PHILOSOPHY "I wanted a product that was modular both internally and externally so that it could be maintained and expanded in simplest and most reliable possible fashion. I particularly wanted a modular user interface because even in the days of 1.1.1, there were featues in Gatekeeper that nobody could use because there wasn't enough space in the already overcrowded cdev for the controls necessary to turn those features on and off. I also wanted a radically improved form of the privilege list (one that was, among other things, self documenting), a totally different sort of log file (one whose length could be limited, for a start), a way to move privileges between copies of Gatekeeper (even if the versions differed), and I wanted all the configuration information stored in a file separate from the Gatekeeper cdev." 1.2 VS. 2.0 "This version is being renovated to include as many of the bug fixes and other improvements of 2.0 as possible, *without* restructuring or rewritting the bulk of the code. So you really won't see much of 2.0's functionality in 1.2 when it's released, but a number of the features you're accustomed to in 1.1.1 will work more smoothly and reliably than they have in the past, and the user interface will be a tad more convenient. And, of course, it'll work with File Sharing in System 7 and won't be dependent on Gatekeeper Aid for retroactive fixes to its problems." FEATURE LIST "What's new in Gatekeeper 1.2b0? I'm not entirely sure... I lost track a while back. :-) A few of the changes I remember are listed (in no particular order) below. * System 7.0 compatibility. All other versions of Gatekeeper like to die when the File Sharing feature of System 7 is used. This version cures this problem very effectively, if not elegantly. Elegant solutions may come in version 2.0, but there are still questions remaining to be answered, and neither users nor viruses should notice the difference in the mean time. Note that this was the only imcompatibility between other versions of Gatekeeper and System 7, but it's a big one. * The interface has a new look. Where 1.1.1 supported 3 "screens" (Info, Settings and Help), 1.2 supports 6 screens in order to make room for a (hopefully) more pleasant and sensible user interface. * Gatekeeper's Help display now supports Styled TextEdit in it's System 6.0 and beyond implementations. This means that the help text will appear nicely formatted in Helvetica, Times and Monaco. This helps to differen- tiate the different sections of the Help display and adds useful emphasis throughout. If you want to view the help text as an undifferentiated mass of Geneva 9 point for old times' sake, just hold down the Option key when you access the Help for the first time after opening the Gatekeeper control panel. Text in the Help display may be selected and copied to the Clipboard so it can be pasted into more convenient environments, like word processors. All of the Help text in this beta version is left over from 1.1.1 and is, as a result, totally out of date. Don't even try to read it; it's just a placeholder for the moment. * The Gatekeeper control panel now includes a section that allows the user to view the log file and to clear the log file when it gets too big. * The privilege list is now sorted, and using the Clear button doesn't scroll the list back to the first item anymore. * The settings section now includes a check box called "Display a Mode Warn- ing Alert". This check box allows the user to determine whether Gatekeeper will display its "Notify Only" alert everytime the Mac boots in Notify Only mode. A "Notify & Veto" alert is also supported now, and the same check box regulates whether it appears or not. * A "New" button has been added to the privilege list section. This button allows the user to add an item to the privilege list without going through all the business with the "Add..." button and the Open dialog box. * Some privileges are no longer required. Programs and INITs that install drivers used to need Res(Self) privileges to do so, in many cases. In most cases these programs and INITs no longer need the Res(Self) privilege, so most of them have been removed from the default privilege list. ***If you find programs that need any sort of privileges at all which aren't ***included in this privilege list, please let me know so I can get them added. ***This version of the list dates back to 1.1.1, so it's not likely to be ***particularly complete. * Gatekeeper now supports privileges for Control Panel and Chooser documents, in addition to privileges for Desk Accessories, Drivers and Applications. Nobody should ever have to grant privileges to DA Handler again. * Internal Errors are history. The problem was found and fixed. * Gatekeeper no longer crashes Macs while they attempt to switch launch. Sluething around in the bowels of the Mac during switch launches finally yielded some useful answers (and a few interesting questions). * It is no longer necessary to grant the System 7 Finder Res(Other & Sys) privileges in order to move desk accessories around. Gatekeeper detects these cases internally and deals with them very carefully without reference to the privilege list. This "hard-wired" approach is far more secure than granting those privileges and will probably be carried over into Gatekeeper 2.0. So, DO NOT grant anything other than File(Other) privileges to the Finder. * Gatekeeper deals with the bizarre (or, at least, unexplained) RsrcMapEntry calls made by the print driver in System 6.0.7 without assistance from Gatekeeper Aid. * Gatekeeper now allows resources like the infamous Adobe Separator 'ADBS' to be added to the Desktop file without any fuss or privilege violations. Adobe still shouldn't have used that creator code, but nobody should have to deal with the fallout from this problem anymore. * Gatekeeper will no longer allow an odd value in its 'sysz' 0 resource. This will take care of an incredibly rare and obscure source of boot-time crashes on some Macs. Gatekeeper Aid, of course, has been retroactively correcting this problem for some time. * Since Gatekeeper now allows users to read the Log file from the control panel, there's no need to continue locking the Gatekeeper Log file in order to make programs like MS Word happy. The log file is still stored as text, though, so users can read it with other prgrams, like their favorite spreadsheets, if they so desire. * Special keys like the arrow keys, page up/down, and home/end are supported where appropriate. * StuffIt and Compact Pro (Compactor) self extracting archives (SEAs) are now fully and transparently supported. No privileges are necessary in order for SEAs to do their stuff." "* Gatekeeper 1.2 is now split into two parts; an INIT (which does the real work) and a cdev (which provides the user interface). In this respect it's very similar to the structure of Gatekeeper 2.0." The last feature occurred in the second beta. The main reason for it is that system 7 installs inits before cdevs, unless the cdevs are put into the extensions folder by the user. He also said that he split it up because it had grown so large. People using GK on a floppy can configure it with the cdev, then just keep around the init, sort of like how Moire works. I like the new interface a lot. After selecting the Gatekeeper Controls icon in the control panel, you get a scrolling list of the main windows. The titles are General, Help, Override, Settings, Log and Privileges. The General window is always selected when you enter Gatekeeper Controls. It is really nice to be able to view the log file while in the control panel. It's even very nicely formatted. You can select a privilege violation, and click on a get info button to get very useful info about the violation. Clicking on the grant privilege button automatically grants the offending program the necessary privileges. If anyone has any specific questions about how the interface in 1.2 looks, I'll be glad to answer them, it just might take me a while to scrape together the time to do it. Robert Stewart rstewart@ccwf.cc.utexas.edu University of Texas at Austin