March 2008
Mon Tue Wed Thu Fri Sat Sun
« Feb   Jul »
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Month March 2008

Entries 2 Total

Input Managers are not ‘plug-ins’

Mar 19, ’08 4:44 PM

A while back, John Gruber asked us to reprint a section about Input Managers from MDJ and MWJ 2007.12.03 on this site so that more people could read it. We present it here, slightly updated for today’s circumstances.

The discussion at the time was David Watanabe’s Inquisitor 3, the free Input Manager that patches Safari so that the search field returns results instantly in a Spotlight-style dark window as you type. Its release was new at the time, and the product was mostly unchanged but “repackaged” for Mac OS X 10.5 since Input Managers need to have specific root permissions to work under the new OS for security reasons.

With yesterday’s release of Safari 3.1, and yet another round of broken Input Managers, there’s once again an opportunity to point out a real problem in how the Mac press is covering programs like Inquisitor that work by patching the system or other applications. Traditionally, the name for code that runs without support in another process’s address space is a hack, or if you’re being nice, a patch. The purpose of such code is to intercept either an application or the system as it tries to perform a specified task, so the patch code can supplement or replace that task with its own action, and then return control to the original code.

Such code obviously entails security risks, and it’s not necessarily easy to create. Unsanity created a well-documented system for patching applications under Mac OS X, called Application Enhancer, but they call APE and its modules “haxies,” which makes most of the Mac press drip with disdain. Inquisitor, on the other hand, uses the Input Manager facility in Cocoa that was originally part of NEXTSTEP to allow third-party modules to intercept keyboard input and transform it as necessary to support complex languages. Long ago, developers figured out that since all Cocoa applications load Input Managers, they’re a great way to load patches into any Cocoa application. That’s what Inquisitor does.

(Input Managers also load into any application that uses the Cocoa text system, including Carbon applications that use the Font Panel, WebKit, or any other AppKit-provided view with text input options. Increasingly, especially since there’s no 64-bit version of Carbon, Input Managers load in every application.)

What’s the problem? Sites like The Unofficial Apple Weblog, in its coverage of Inquisitor 3, insist on calling these Input Manager hacks “plug-ins,” implying a level of architectural and technical support that simply does not exist. This has become nearly standard usage on the Mac web: this Mac OS X Hints instruction for using Inquisitor on Leopard calls it “David Watanabe’s great auto-complete Web search plug-in.” Christina Warren of TUAW wrote an entire article about Input Manager hacks for Safari and a utility to load them under Leopard while calling them “plug-ins” every single time, never once noting that the entire “architecture” of these things is not a supported method for patching Safari. Warren equated them to Firefox plug-ins, which are designed expressly to load in that browser, and Input Managers are no such thing. They are hacks.

This is hardly limited to TUAW, although it seems that other authors on the site are determined to call Input Managers “plug-ins” when they’re aimed at Safari. On the MacUser blog, Derik DeLong called Input Managers “plug-ins” as well, saying they “enhanced” browsers to “usable states,” and applauded Apple for keeping them in Leopard because they’re “such a powerful API.” (DeLong also cheered undocumented and unsupported ways to make Mail load unsupported bundles in Leopard, calling those patches “plug-ins” as well.) The developer of PlugSuit, mentioned in Warren’s TUAW article, says his program “allows Input Manager and SIMBL plug-ins under Leopard and Tiger.” This is ridiculous on its face: SIMBL is Mike Solomon’s Input Manager that handles the tricky work of being an Input Manager so that programs like PithHelmet can more directly patch applications without having to implement the overhead of the actual Input Manager code. (It was recently updated to version 0.8.2 to add Leopard compatibility.) The name is an acronym for “Smart Input Manager Bundle Loader.” These are not plug-ins.

Tuesday’s release of Safari 3.1, and yet another round of broken Input Managers, has not changed TUAW’s positioning in the slightest, as you can read for yourself:

Whenever a new browser version rolls out, the engineers responsible for plugins and enhancements turn on the espresso machines for the coming all-nighters as they rejigger their products for the latest and greatest.

One site, in a reference we can’t locate right now, even lamented that Safari “doesn’t have a plug-in architecture.” This is surely news to developers like Adobe, Real Networks, Flip4Mac, and Apple, whose code can all be found in your “/Library/Internet Plug-Ins/” folder. Those plug-ins are for browser content, though, not browser behavior. Most applications don’t support generic plug-in architectures to let third-party modules completely customize the human interface. Firefox doesn’t come nearly as close as the hacks Input Managers can apply to Safari.

The problem is that the Mac press has decided, by unwritten fiat, to call Input Manager hacks “plug-ins” and confer an aura of legitimacy on them, while continuing to call other forms of patches “hacks” and caution you against installing them. That’s both misleading and unfair. The fact that Input Managers work through a Cocoa method does not make them better or worse than APE “haxies” that load through low-level Mach messages, or than any other way that third-party code loads without support into any application’s address space.

You can’t call the hacks you like “plug-ins” and the ones you don’t like “hacks” and simultaneously pretend you’re actually informing readers. This is not to say that you can’t choose to install whatever patches you want, as long as you’re aware of the risks in security, the dangers in updating, and the general facts behind putting someone else’s code in an application’s address space. You just shouldn’t be misled by the press into thinking one kind of hack is implicitly “better” than another kind.

Comments (0)

RSS feed changes

Mar 9, ’08 3:36 AM

Among the many, many, many upgrades we’ve suffered through in the past few weeks (including the production machine, production software, hard drives, machine repairs, even light fixtures and internet access hardware) have been server changes. While we’re shuffling some things around, we figured it was time to make the changes announced last year permanent.

So, effective as of now, the original https://secure.macjournals.com/ RSS feeds for MDJ and MWJ subscribers now get HTTP redirects to the newer feeds introduced last July, and those feeds are no longer “beta.” (Ironically, we may need to rewrite the software that makes those feeds, since it turns out the database behind them is really quite stupendously horribly designed [our fault]), but the URLs will remain the same.)

Your newsreader should easily and permanently replace your old URLs with the new ones the next time you refresh. If it doesn’t, we heartily recommend the now-free NetNewsWire 3.1, which handles this with aplomb and is, as mentioned, now free. Hence the adjective.

We had no idea how much stuff needed maintenance until we started fixing a few of the more broken things. It was kind of like fixing a broken drawer and discovering that the entire cabinet was riddled with termites, and then that the carpet needed repair, and on and on. We had about a 10-day stretch in February where something new, but minor, broke every single day. They were all manageable and fixed in a few hours, but when they come 10-15 per week for 2-3 weeks in a row, it makes you want to do something self-destructive, like enter politics or speculate about iPhone carrier agreements.

Almost everything is upgraded and fixed, including a few things MDJ and MWJ readers have wanted for nearly two years, with testing to resume this week (cross your fingers). Almost every single thing between the editors and the internet that we use to produce MDJ and MWJ has been upgraded or replaced since the last issue, and that almost included the very Ethernet cables connecting the machines. It still may—LAN transfers are slower than they ought to be in some cases but not others—but it’s been quite the makeover. We’re just glad it’s done. Hauling G5/Mac Pro cases around and copying 300GB hard drives over and over is something we’re happy to leave for special occasions. We’ll have more upgrading to do in the second half of 2008, but we’re just about done for now.

Comments (0)