Hacker News new | past | comments | ask | show | jobs | submit login
Sparkle: A software update framework for macOS (github.com/sparkle-project)
208 points by nateb2022 10 months ago | hide | past | favorite | 122 comments



This makes me somewhat nostalgic for the days when I would regularly encounter software that used Sparkle for updates.

The days when I’d mostly use downloadable native software for my Mac.

The days when most of the software I regularly used had a somewhat consistent UX.


I miss Adium.


I miss the world in which software like Adium was possible


It still is. Matrix, and other federated platforms, are exploding in popularity.

You could start here, if you are interested, to get a taste: https://matrix.org/docs/chat_basics/matrix-for-im/#creating-...


I don't think this is what was meant by Adium being possible. At its peak, Adium acted as a single frontend to many different instant messaging networks to provide you a single user interface for chat. Today, we've regressed to a point where this is no longer really feasible; every network requires its own client.


Matrix has bridges, which allow you to send/receive messages to other services like Slack or Discord.

https://matrix.org/ecosystem/bridges/


Also, as a different approach, to some degree Ferdium can act as a central place for various messaging platforms even if the integration that Pidgin (and Adium) and libPurple provided is not possible this way. Station is similar and a bit better but is in desperate need of developers. Both are FLOSS.

https://ferdium.org/

https://getstation.com/


Looking at the git repo, seeing the last commit being three years old is a bit sad. Someone sat down one day created a patch and committed it, and then they went away, to work on other things, leaving the git repository in a digital limbo.


So do I, so often. I made an Adiumy animation pack for my university that actually got mildly popular, and it was amazing. Such a quality app, and so nice when communication systems were standards not apps.


Seeing Adium and the message themes is one of the big things that made me want a Mac believe it or not. It looked so pretty.


Well, they weren't really standards by design either, people just reverse engineered their protocols. One could still do that, it's just that... nobody does anymore?


The countless matrix bridges[1] to Discord, Slack, WhatsApp, etc. that are actively maintained, together with dozens of Pidgin plugins[2] serving similar purposes suggests otherwise.

Granted, I don't expect Pidgin plugins to be well maintained compared to the Matrix appservice bridges. But still, there is at least one protocol that bridges to almost everything, and that's Matrix. For several years I used Matrix as little more than a glorified IRC and Slack client.

[1] https://matrix.org/ecosystem/bridges/

[2] https://pidgin.im/plugins/?type=Protocol


Oh no, people have tried to reverse-engineer apps like Signal or Discord. The problem is that the company starts aggressively banning every user of the reverse-engineered clients, as well as mounting legal attacks on their authors.


I still use Adium as an XMPP client. It has a fair share of bugs due to existing Cocoa APIs rotting, but it still works perfectly fine for the one XMPP server I browse (which has OMEMO encryption enabled!)


Indeed. That thing was a gem.


Maybe I‘m weird, but for some reason seeing a Sparkle „Update available“ modal popping up fils me with joy (The software I‘m using is getting better) and I enjoy reading the changelog. If there’s some weird custom updater in another software it always fills me with dread because I have to navigate a different UI, and probably have to restart it immediately.


The modal popup is the single thing I can’t stand about sparkle updates. Why oh why can’t they use the regular notification system and respect DND. It always seems so random as well, it’s not when the application starts or quits, just some rando timer polling for updates to surprise me with an interruption I can’t ignore


Nothing worse than starting iTerm and typing half a command when suddenly this thing interrupts you.


Modern versions of Sparkle are a less random in when to show the update alert (lots of software, iTerm including, use ancient versions of Sparkle)

DND is not properly/reliably detectable for 3rd parties. Support for Notification Center is not well designed for a framework to control and works as an auxiliary/supplemental (not primary) functionality for 3rd parties, so apps themselves would have to opt into using it along with adding a lightweight UI indicator which may need to be tailored to the app in question.

Further support is available for apps to support more gentle reminders -- https://sparkle-project.org/documentation/gentle-reminders/ which is a mechanism that iTerm developer wanted but developer has other priorities.

Users can opt into automatically downloading/installing updates too which may minimize prompts


I don't think that's weird, I enjoy those as well. So much so that I have a newsletter where I post changelogs of various apps that had updates in the past week (https://buttondown.email/appsandupdates). Adding apps is a slow process but I'm starting to see quite a bit of repeated apps so I'll have to speed it up.


In the latest newsletter „Clean my Mac X“ is listed. I always assumed that this is some form of malware, because they advertise so aggressively. Does it really make sense to „clean“ your mac?


It cleans it in terms of identifying large files, duplicate files/images, shows you caches for apps, uninstaller, which apps and files are old and never/rarely used. And so on. It's more of a convenience tool than anything. Don't recall other features.

I think there is a certain type of company that go for fairly generic(named) software with a lot of SEO and marketing to be able to earn a lot of money. I guess there is a venn diagram of malware creators where this applies too but I don't think they are.

They are also the developers behind SetApp. I mean, that's a pretty mainstream/famous app(store?) so they collaborate directly with loads of developers/companies to distribute their apps in SetApp. If that counts for something.


Agreed, their marketing can really sketch one out but CleanMyMac X is tremendously useful. I use almost every function it has once it a while. The app updater for example, it not only updates Sparkle apps but also lists outdated Mac App Store apps. The MAS itself fails to list those updates for some reason most of the time in its "Updates" pane.


Is anyone really interested in reading the detailed changelog for apps they don't use?


In practice it's more of a software discovery email, with the added bonus of knowing that they are being worked on actively, and finding out what sort of things they are working on at the same time. It's not really about "bug fixes and improvements" and I trim those out if I have time.


Sparkles is a godsend. I use it on all my indie apps and it saves so much time. The best part is I could release with confidence knowing that I don’t have to ask for AppStore Review for each release.

The new version with delta updates and flags for critical updates is amazing. 10/10


Thanks for that. As someone who is not a Mac user, let alone a developer, was wondering why it is useful given app stores exist.


*Sparkle. Please learn proper English.


Username checks out.


Caused me to remember Growl

https://growl.github.io/growl/


Nowadays I just run `brew update; brew upgrade` and everything gets updated, including casks.


For us technology slinging types, homebrew is indeed great. Sparkle updates are indeed fantastic for the average user however. I think I'd be interested in learning how many average users install software outside of the Mac App Store these days.


> I'd be interested in learning how many average users install software outside of the Mac App Store these days.

I'd hazard a guess that Chrome alone would put that figure near 100%


I think you underestimate how many people use Safari.


Nowhere near as how many people use Chrome obviously, even on Mac.


Data from analytics.usa.gov [1] reveals that Chrome leads browser usage at 48%, closely followed by Safari at 35.7%, highlighting the competitive proximity of Safari to Chrome. Definitely much higher share than I thought.

[1] https://analytics.usa.gov/


Those would almost entirely be from iPhones where all browsers are technically Safari


Not for long. IFF you are geographically located in the EU and using an iPhone (not iPad), you may one day have the option to use an alternative browser engine. You know, once browser vendors get around to making a version of their app that conforms to Apple's asinine requirements.

The whole malicious compliance shebang. EU mandates browser choice, so Apple implements new technological measures to ensure that browser choice will still not be offered outside the EU


“Safari” doesn’t mean “Safari Desktop”. We’re talking about the Mac here.


Homebrew has statistics. They're high for the usual suspects, very low for everything else.


Real question; do you expect most, half, or even a quarter of MacOS users are going to be installing things through brew?


Even 1%


You might want to cleanup and call the doctor just in case. :-)

  brew update; brew upgrade; brew cleanup; brew doctor


And no need for `brew update` unless you've turned automatic updates off.


It has a timeframe, though, so while it does automatically update every so often, it’s not every time you run `upgrade` or `install`, so running the `brew update` makes sure your OCD matches your needs.


Similar, just without the `doctor`. That one I only run it like once a month. For the other one, I got my alias, haha:

  buuc


I always do:

brew update && brew upgrade && brew cleanup && brew autoremove


What about brew upgrade --cask for apps?


Exactly. It is so simple to do `brew install figma` or whatever App you want. Most bigger apps have ready casks to install. Then I have a startup job that does `brew bundle dump --file=- > $ICLOUD/Brewfile`. That way I get a backup list of all software installed with brew so it is simple to install again if I migrate to a new machine (without restoring a Time Machine backup).

Edit: Obviously for users not familiar with command line programs brew isn't that "easy". But for command line people this setup is quite nice.


Raycast has an excellent extension to manage brew installs and upgrades without any cli on macs


Notably, many cask formulae use Sparkle as the livecheck mechanism that is used to find updates to casks.


I've had to implement Sparkle once in a macOS app and it was actually quite simple. It also doesn't really take much more than an S3 bucket to facilitate updates. And as a user, it's a great user experience that updates are handled in a similar manner in almost all of the apps that I install.

Great piece of software.


As a consumer of Mac OS software thank you! Seeing a Sparkle dialogue is such a nicety and it makes me feel good.


I used to author two indie Mac apps ~15 years ago, right around when Sparkle came out. It was a joy to add to my projects, a model to learn about great Cocoa framework programming, and still is always pleasant for me as a user. Huge independent success story on the Mac.


I have been using Sparkle in my apps for almost 15 years now (for millions of updates). It has always worked perfectly well for me. Really great project and still very active.


I instantly recognized screenshot in README.md Thanks to this thread I now know name of software that helps bring updates to a lot of apps I use daily.

Big kudos to all contributors of Sparkle, you all make our lives easier!


The one and only. Everything else is garbage in comparison.


I write software for Mac and Windows (in C++/Qt). I put each new release out as a separate application for the user to install. Is there some equivalent to Sparkle that runs on both Mac AND Windows, so I don't have to integrate a separate system on each OS?

Also I worry about update frameworks as way for bad guys to do bad things via my software. Should I be worried?


Windows installation system is so fundamentally different that it's hard to have a 1-size-fits-all update mechanism. When I shipped a cross-platform application, we used Sparkle on Mac, and a simple utility that downloaded and ran an MSI file for Windows.

In general, I wouldn't worry too much about Sparkle being a vulnerability. It requires that your download servers are hacked: https://9to5mac.com/2017/05/08/handbrake-trojan-mac-malware-...


Currently I used Inno Setup to create a .exe installer on Windows and DropDMG to create a .dmg image on Mac.

Presumably Sparkle and Winsparkle both use a similar update mechanism and that doesn't involve full Windows or Mac installers (otherwise, what would be the point?).


Sparkle works with a .dmg file, so you'd probably continue using DropDMG.

I can't speak much for Winsparkle; I remember looking at it and immediately concluding that it wouldn't work for us.

(FWIW: I ended up slipping in a few hacks so we could pop open browser windows on specific versions and commits, and even remotely kill them if needed.)


Ah, I see https://winsparkle.org/ is a thing.


There is one that is .NET and cross platform (incl. Linux) here: https://github.com/NetSparkleUpdater/NetSparkle (disclaimer: I am the primary maintainer of this repository).

For C++, WinSparkle works too: https://github.com/vslavik/winsparkle/


Presumably that means having to install .Net? I guess that makes sense if your software requires .Net, but mine doesn't.


Relevant and related is the free (donations accepted) program called Latest.app which scans your installed applications and summarises all apps which use Sparkle and have available updates. It's neat.

https://max.codes/latest/


huge fan and user of Sparkle. a while back I wrote a wrapper around it for automatically creating a changelog, signing software etc and its worked perfectly for years https://replay.software/bump


Here's someone's write up on setting it up in their application. I think I found this in a previous thread about Sparkle.

https://troz.net/post/2023/sparkle/


as a user, I have always loved when apps use sparkle.


I once made a fork of it that used github releases for updates, I wonder if I still have it.


That would be interesting. I wonder if it could be used with an internal Gitea instance too?


This looks great. What would be the equivalent of this on Windows? It feels like everyone just invents their own.


There's a version of Sparkle for Windows. I have no idea why apps don't adopt it.

I am constantly amazed and frustrated at how many apps I use on Windows have the following update process:

1. Pops up an alert telling me an update is available

2. I click a link in the alert opening my browser, taking me to a webpage full of links for different OSes and different architectures, which I have to search through to find Windows Intel x64

3. Wait to download the new version and then open it up

4. Spend 30 seconds clicking through a Windows Installer

Absolutely bonkers, especially considering some of these apps seem to release on an agile biweekly schedule. I usually procrastinate downloading updates because it's such a pain in the ass -- and that's not what you want your users to be doing.


I tried looking for something like Sparkle on Windows a few weeks ago.

Now I know it exists - thanks!


Well, someone made something inspired by Sparkle for Windows, https://winsparkle.org


On Windows, chances are that once you have a working installer you will be so deeply stockholmed that the idea that updates might go any other way than through a future incarnation of that installer is completely alien to you.

That being said, I think the way sparkle (and winsparkle, see sibling) present themselves looks delightfully NSIS (the good parts)


MSIX + scheduled task is the way

https://learn.microsoft.com/en-us/windows/msix/non-store-dev...

Or just publish to MS Store and/or winget.


Can you use MSIX without buying a code-signing certificate?


I sometimes see Squirrel[^1] used in Windows apps. Looks like it's used by Electron[^2], so maybe that's why.

[1]: https://github.com/Squirrel/Squirrel.Windows/tree/develop/do...

[2]: https://github.com/electron/electron/blob/main/docs/api/auto...


Along with some of the other comments, there is NetSparkle for C#-based apps that is cross platform: https://github.com/NetSparkleUpdater/NetSparkle (disclaimer: I am the primary maintainer of this repository).


Are you telling me macOS doesn't have a package manager already?


In terms of apps no, it doesn't or basically it is the Mac App Store. You basically publish your app with all the dependencies and target a specific OS version which guarantees certain baseline frameworks. Apart from that, any update means publishing a new version to the App Store (if you are there). If you are self hosting the app, you need something like Sparkle to trigger app updates.

In terms of proper package management a la yum or apt, there is homebrew of course.


I switched to MacPorts after becoming tired of Brew tainting my filesystem.

MacPorts keeps things clean in /opt/.

https://www.macports.org/

https://saagarjha.com/blog/2019/04/26/thoughts-on-macos-pack...


Nowadays Homebrew keeps its stuff under /opt/homebrew/


Only if you have an ARM64 Mac. x86 still use the old path.


I used MacPorts back in the 00s and early 10s but switched to Homebrew when it came out because it was less hassle.

Wanted to give it another shot with my latest clean OS install, but wound up installing Homebrew again due to broken packages on MacPorts. Probably should’ve tried to contribute by fixing those packages but didn’t have the time or mental energy available at that point in time.


How is it less hassle.

Installation is similar just a standard mac install. apps are the same.

The only difference is that Homebrew gets confused if you install your code or another build in /usr/local oh and Homebrew forces you to use non standard permissions on /usr/local


Back when I switched, it wasn’t unusual for MacPorts packages to not compile for some reason or another, and at that point my skills in that realm were lacking which meant I had little ability to fix these issues, rendering its technical superiorities over Homebrew moot.

Homebrew was less hassle in that most of the time, it successfully installed things and when it didn’t, it was fixed in short order.

Since then I’ve become much more capable of diagnosing and fixing broken packages but it’s still not something I’d like to spend my time on if I can help it.


Odd I have only had one or two Macports failures


OK so basically the point is to avoid Mac App Store fees and independence to third party project like homebrew.

Doesn't that leads to the situation on windows where every single app is phoning home at startup?


Well the original point is that sparkle predates MAS by more than a decade, and the MAS limitations are a bigger issue than the fees.

> Doesn't that leads to the situation on windows where every single app is phoning home at startup?

Sparkle has a very clear and regular behaviour, its predictability and widespread use made it easy to manage.


As a more technical user who is aware of Sparkle, I recognise the Sparkle updater and I appreciate it. In fact, I miss this on Windows, where each app updates differently, and most will just throw you annoyingly to the install wizard all over again.


To be fair, Windows Installer can also handle updates (and patches). And proper uninstallation, which is something that’s missing on macOS.


Thanks for the history lesson.


> Doesn't that leads to the situation on windows where every single app is phoning home at startup?

1) It's a setting/preference. The polite/respectful app developers will ask users whether they want to automatically check for updates.

2) It's periodic. Developers can set the default to whatever they prefer — daily, weekly, monthly, etc. — and again the polite developers may give the user an option here too.


You are correct. That's why Sparkle is still relevant these days and of course it requires the app to phone home.

Interesting things could happen with third party App Stores if they ever see the light in macOS.


What do you mean? There's already third party app stores on macOS. Steam and all the other gaming ones. Setapp is a more non-gaming one.


Thanks! I was not aware of those, go figure.

In that case I understand that Setapp can "phone home" and update the apps if necessary, not the apps themselves.


macOS app store mandates apps sandbox. If your app, for some reason, don't run in sandbox, you need to distribute it outside app store.


Sparkle automatically limits update checking to once per 24 hours if that makes you feel any better.


Usually the point of "software update frameworks" is to make the app phone home and check if there is an update isn't it?

I mean you can have an option to not make it check for updates if you want to provide a privacy option for people, but that just makes it a manual click-to-check-for-updates. Most people would probably leave the "check for updates on start" checked.

Can't see how that's a difference based on what OS you are on? I use Squirrel/Velopack (the equivalent for Windows I guess) and the usual way of managing updates is to have an update check at startup, or an interval (e.g. every hour).


>Can't see how that's a difference based on what OS you are on?

I have been a linux and openbsd user for the most part of the last 3 decades with only short stints on windows in a professionnal setting or when fixing up my partner's issues and nearly 0 experience of macOS apart from launching it in a VM out of curiosity 3 times so I was genuinely surprised and not aware of potential restrictions of app store. I know on windows there is the microsoft store + chocolatey that can handle apps updates (and possibly other projects?).

I have had the occasionnal java app installed in /opt from a tarball or an appimage but for me apps individually phoning home is more the exception than the norm. I usually have one process connecting to n repos, n being less than 5 usually and usually only when I am querying it manually. In recent years on Fedora I've let gnome software app connecring automatically and I guess with some flatpaks installed I am querying 2 flatpak repos (fedora +flathub) more but that's about it and most of our distro packages have telemetry and users counts disabled.


What I mean is: assume you use a software update system (Whether it's a "store", a "package manager" or just my own system I set up for one single app - it's irrelevant). The system needs to "phone home" to query what updates there are. There is no way around it. And unless you want to submit to a centralized store (Steam, a linux package repository, Windows store) then you are usually left to make the call individually for each app. And that applies regardless of OS of course. A self-updating linux app that dowloads its patch from acme inc is no different from the same app running under windows. It might be more or less idiomatic to do so for an individual app under different OS'es, but technically it's of course the same thing.


It's just downloading an xml file to see if there is an update available.


And talking about “XML file” is obscuring it, an “appcast” feed is an RSS feed with a few extensions.


Many open source (and even proprietary apps) apps get published using homebrew casks [1]. Although they usually use that as supplementary method. And sometimes it is done by volunteers.

[1] https://formulae.brew.sh/cask/


You can use homebrew to install regular apps as well, thanks to the casks feature. There's probably some apps that aren't available as casks, but usually everything I need is available already.


Mac classic had full compiled applications that you would drag to your applications folder. This is the same when it's distributed by dmg and told you are to drag to the Applications folder and using Sparkle on this is a common method to update or to just give another dmg. Another way you can distribute your app is to use a dmg to with a pkg file in it and this launches an installation wizard very similar to what you would see on windows. Then there is homebrew that has a series of ruby formulas that can do nearly all of the above. Obviously there is the Mac App Store.


Not officially, but these days first things I setup in Onboarding documents (if they don’t have it already) is how to setup Homebrew.

I install pretty much everything I need on macOS through Homebrew these days.


It has Homebrew, which many people use and is great. It also has its App Store but nobody uses it for anything non-trivial because it's so jailed.


> nobody uses it for anything non-trivial

I guess the Microsoft Office suite, LibreOffice, Adobe Lightroom, Pixelmator, Sketch, OmniGraffle, etc. are trivial?


Parent commenter is in the business of building fake open source (BSL) software. Take their opinion with a grain of salt.


Thankfully, it doesn't


Love Sparkle! Both as a user and a developer of apps (I'd never sell in the Mac App Store due to Apple's consumer unfriendly policies). It works so well and is so easy to setup.


[flagged]


You cannot possibly be serious? This is absolutely brilliant if it is sarcasm.

Sparkle has been around for what feels like decades. It was around long before the app store even existed. It has been the defacto way to update apps for a long time. You have probably used it a half dozen times without realizing it.


Sparkle was around in 2006 - before the iPhone, before the Mac App Store. The original author ( Andy Matuschak ) worked at Apple for a number of years after Sparkle was being fairly well used.

See https://sparkle-project.org/about/


I worked at a startup back in 2008 - we loved sparkle. Our entire app was ultimately stolen by Apple and implemented in iPhoto. We made the mistake of hiring an ex iPhoto team member as a contractor who ended up going back to Apple with our ideas. Wild time for startups.


Yes correct, this is not my opinion (at all, in fact I think the exact opposite). My goal was to take the same arguments that we get repeatedly from iOS and apply them to the Mac. In fact, I wrote it carefully without mentioning platform-specific things so that the exact same text could apply equally whether you were talking about the macOS or iOS.

I appreciate the compliment, but I mainly just aggregated and paraphrased the arguments I've been reading over the last several week :-)

Though I honestly approached it as an attempt at the Ideological Turing Test, not just as a sarcastic or underhanded way of scoring dumb rhetorical internet points. I genuinely am interested to understand why proponents of that viewpoint on iOS wouldn't carry that over to macOS?


I've almost downvoted but yeah, this can't possibly be a serious post.

Not yet.


It’s an obvious strawman of arguments in favor of the iOS App Store.


It's not my serious argument, but it's not intended as a strawman. Please, I genuinely would like to know, why do those arguments apply to iOS but not to macOS? Where do you see a strawman in what I wrote?


They don't apply to iOS either. It isn't their device once someone else purchases it. Furthermore, not allowing "sideloading" and bootloader unlocking is wrong. And I'd like to see EU and other governments crack down on Apple following Apple's scummy pseudocompliance with the DMA.


Thanks, I fully agree with you, but I'm interested in hearing from someone who does think they apply to iOS but not to macOS. I'm very curious to know how they reconcile that. I suspect it will be a helpful insight into the way they think




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: