

	 Mac OS X 10.8 restricted to App Store, signed apps by default - octopus
http://www.osnews.com/story/25619/Mac_OS_X_10_8_restricted_to_App_Store_signed_apps_by_default

======
janardanyri
The headline is fairly misleading, and the article sloppily mixes actual fact
with predictions stated as fact.

The reality: 10.8 by default only runs apps which were either downloaded from
the App Store, with the iOS-style sandboxing that will require, _or_ signed
with Apple's new GateKeeper service, and otherwise a traditional Mac app.

Those who condemn this as a flagrant loss of freedom are lost in the
philosophical weeds. The conventional wisdom before the iPhone was that native
apps were all but dead anyway, and the browser was the future. The iPhone's
App Store and attendant restrictions singlehandedly revived the concept of
consumers installing software. Meanwhile, the Mac is gaining enough market
share that it's now clearly a target for malware. Code signing is about as
open as you can get while still tamping down nasty code (and let me stress
again that GateKeeper is way more freeform than anything on iOS).

If there are alternate solutions to these issues, it would be fascinating to
hear them. Otherwise, well, it's easy to criticize from the bleachers.

------
pwg
From the article:

> When Apple first unveiled the Mac App Store, many - including myself - were
> concerned what it would mean for the future of the general purpose computer.
> It felt like a first step towards losing control and ownership over our own
> computers, a dreaded future where everything we do on our machines is
> curated, tracked, and monitored by companies who want to squeeze ever more
> money from us, and governments who want to control us.

> We're allowing an entire generation to be raised with the idea that you do
> not own software, that you do not own hardware, that you are not allowed to
> tinker with the magic smiles machine. This is going to come back to bite us
> in the ass in the future, when we're going to be faced with a shortage of
> low-level, hardcore programmers.

In many ways, Richard Stallman has been right all along, and slowly, many of
his fears are coming true.

~~~
jballanc
I don't buy it. When I had a C64, I had a number of games on a floppy. The
floppy got lost. The games were gone. With the App store, I buy an app on my
iPhone and it magically appears on my iPad. If I loose either device (or,
heaven forbid, both!), I can re-download my apps. How is that me _not_ owning
my own software? Because I can't look at the code? Guess what...I also don't
get to view the schematics of the power station that generates the electricity
without which neither my C64 nor my iPhone are of any use.

The cloud has become a utility, like electricity. The cloud goes down, I can't
access my apps. The electricity goes out, I can't turn on my machine. This is
the idea that the next generation will be raised with.

~~~
theootz
Because Apple is the "Gatekeeper" of all software on the platform. They have
full control over what goes in the app store, and what doesn't. No longer will
you be able to go to a website and download some no-name-joe's software. It
_HAS_ to be on the app store. That's the direction it's going in. It has
nothing to do with the cloud, being able to redownload your software, view
source code, etc... It's about having the choice of what software you can and
can't use being controlled by them.

~~~
pooriaazimi
> _It HAS to be on the app store._

Last I heard, you can sign your app with a free developer key. It absolutely
does not have to be on the app store. And there's a switch in system
preferences that lets you disable this whole verification process altogether
(or if you want don't want to disable it, but want to make an exception, you
can right click on an executable and press 'open' or open it via terminal,
instead of double clicking on it).

------
prodigal_erik
Appalling but I can't really fault them for responding to overwhelming
incentives. Apple already gave their customers a chance to be treated like
tool-using human beings, and the result was a decade of barely moving enough
boutique desktops to keep their lights on. Now they basically emboss "suck it,
consumer" along the rounded corners, and they're swimming in money. This move
is an indictment of the people who demonstrably _want_ to be treated like
this, so when they get screwed by stuff their vendor chose not to let them do,
make sure they realize it's their fault for opting in. Unlike Microsoft, Apple
never conspired to keep competitors out of the market.

------
jballanc
What is it about the "geek" mindset that makes one jump to the conclusion that
this is part of a vast conspiracy, some cabal of OS vendors, to lock out
hackers and prevent anyone from modifying their own machine? Isn't the simpler
explanation that 99% of Mac users don't know, don't care how to install custom
apps or homebrew, and would _gladly_ have Apple restrict them to signed-apps-
only if it means a significantly reduced chance of virus/trojan infection?

And you know what? If some day, for some reason, Apple _does_ decide to lock
out hackers and tinkerers from their systems, somehow I doubt Apple's stock-
holders will lose any sleep over it. For all the kvetching that I frequently
hear from the HN crowd at large about "let the market decide", it's surprising
how quickly that attitude vanishes when "the market" decides against you.

(For what it's worth, there was a time when developers had to lay out far more
than the average user for capable systems. It's only relatively recently that
standard consumer machines could stand in for a dev box. I wouldn't be
surprised if the future has developers, once again, paying premium dolar for
hardware.)

------
gte910h
The title is incorrect: OS X 10.8 (Mountain Lion) by default can only run
signed apps. All appstore apps are signed apps, as are anyone who gets a free
signing cert from Apple.

There is a setting to "only install Appstore Apps" but it is not the default.

------
winter_blue
This is completely unacceptable. With sandboxing, this destroys the freedom a
user can have on a Mac. Time to abandon Macs.

~~~
gte910h
The disingenuous article confused you. Only appstore apps need be sandboxed.
Non-appstore apps can be signed ( a free process ) and have no restrictions on
what they do.

Both signed and AppStore apps are runnable by default.

------
r00fus
Considering how much software is _still_ not on the Mac App Store (notably
Microsoft Office), the idea that Apple could shut off non-store software
completely is pretty fantastical and unrealistic. At that point they lose me
as a customer, for sure.

That said (and as a Mac fan), I don't like this move.

~~~
bradleyland
"...the idea that Apple could shut off non-store software completely is pretty
fantastical and unrealistic."

Could or would? They _could_ at any point. That's not what this (old) news
says though. Gatekeeper requires application signing, which is entirely
different than "shutting off non-store software completely." All App Store
apps are signed by default, which is why the news makes this distinction.

"That said (and as a Mac fan), I don't like this move."

Please, ask yourself why. Reflect on it, because I think a lot of the
apprehension is misguided.

App signing is a good thing. Developers have an entirely different set of
needs from the general computing public. We represent a small percentage of
said population. So why should computers be designed with defaults that suit
us, when we have the ability to change them (easily)?

The Flashback virus should be a wake up call to those still clinging to the
notion that the current situation is sustainable. It's not. Flashback would
have been stopped by app signing. Even if a malicious signed app does make it
through to the public, the ability to revoke their cert means you can take the
app offline quickly.

This is good for the vast majority of computer users. Is it less open? Yes,
but it's a step forward from a safety perspective. You have to choose your
priorities. What we have now isn't working.

------
Zev
"by default" are the key words here. It is very easy to disable this behavior,
if you don't want it. But, it is a good (read: relatively safe and secure)
default to have for the average person.

~~~
kls
Right I agree, defaulting to you don't know what you are doing and when you
do, you will know how to shut this off is a good thing. A key part of Apple's
success has to do with something Microsoft knew and did well back in the day,
and that is he who has the development mind share wins. A lot of developers
use Apple and if they lock it down entirely they will lose developers because
most of us rely on some form of open tools which will not be available in the
app store.

~~~
gte910h
The HN post is misleadingly titled. If an app is signed, weather appstore
published or no, it can run by default. Signing is free, takes a couple hours
to sign up for, and has no restrictions on what your app does.

------
MaysonL
I'm amazed at the reactions here to this two-month-old article.

------
dmishe
And still nobody on HN knows that you can turn gatekeeper off?

------
beedogs
I think this Macbook Air will be my last Apple computer. I'm done with the
company if they're going to play these kinds of games.

~~~
GuiA
Or you could do like Torvalds and get a Macbook Air but install another OS on
it. Criticize the software all you want, the hardware is still damn good and
at the top of what you can get.

~~~
mbylstra
Regardless of whether you use OSX or not, when you buy a Mac you're still
paying a great deal for OSX. It suprises me that Linus is prepared to fund
OSX. I mean the guy is a genius and I'm sure he has good reasons, but my tiny
brain does not comprehend it.

~~~
easp
No, you really aren't paying a great deal for OS X. If you are buying a Mac
because you like the hardware quality, then you should compare it to Windows
machines of similar quality. If you were to do so, you would see that the Mac
laptops are competitively priced.

Even if there was a few hundred dollar premium, keep it in perspective. How
smart is it to be fretting over a few hundred bucks with respect to a tool
that you will likely use for a year or two, for a significant % of your waking
hours, and upon which you depend for your most of your income?

------
Aloha
This is new?

------
hej
This is not news, by the way, this is an editorial disingenuously disguised as
news. It contains predictions that have to sound an awful lot like facts to
any unsuspecting reader.

There is nothing wrong with predictions, just don’t pretend they are not.

