aroman | 4 months ago

Apparently Electron was using a private API to tweak how window border shadows were rendered.[0] I leave it to you to decide how to assign blame.

[0] https://github.com/electron/electron/pull/48376

friendzis|4 months ago

What's a private API?

If it is accessible from userspace it is by no means private.

Does it mean the API is private in the sense of "unstable" interface? It could very well break the userspace app relying on undocumented behavior, however, crucially here, anything that is exposed to userland WILL at some point be used by some application, be it legitimate or malicious, and it should not break the OS in any way. That's basic hygiene, not even security.

inb4: yes, userspace app could trigger e.g. millions of io operations and millions of number crunching threads and thus cripple the rest of userspace (or at least the rest of userspace at given priority level), yet the system part should still run within performance envelope. Insert "Task Manager (Not Responding)" meme.

fingerlocks|4 months ago

It’s not in a public header. You can easily snoop “private” properties and methods quite easily in Objective-C, because the concept doesn’t exist. It doesn’t exist in C either, but if you roll up your sleeves and figure out the memory layout and offsets, you can do whatever.

krferriter|4 months ago

Breaking stuff just to add more complicated border shadows. Crazy priorities.

biohazard2|4 months ago

Can we blame the Apple employees who apparently never tested their new OS release with any Electron-based application?

rollcat|4 months ago

How else do you get the message across? Do not use the private APIs.

Electron is most likely using a whole ton more. Apple is sending a message. "Fix your crap or expect more."

fragmede|4 months ago

The reason for having a large public beta process would be to get broader testing that definitely should have found this.

zer0zzz|4 months ago

I’m glad they broke it. People that use private APIs in their apps must suffer.

sersi|4 months ago

If any Apple app uses a private API then that API should be made public and documented. Having private APIs is unfair competition and bad practice.

friendzis|4 months ago

There's no meaningful difference between "private" and "documented, but changing every patch release" from userspace POV, yet not committing to documentation saves development effort for the same result, hence "private" APIs. If anything, private APIs let "system" apps run at userspace, reducing attack surface dramatically.