
Can't you just right click? - bangonkeyboard
https://lapcatsoftware.com/articles/unsigned.html
======
lucb1e
This makes me wonder how open source is supposed to work on macOS. People seem
to become more and more aware of it and even enterprises that insisted on
support contracts can see that they can't get around open source completely
anymore. Meanwhile Apple is removing the ability for me to have a pet project
without paying an Apple tax.

If the message were completely transparent, something like "The developer
didn't pay $99 for us to do a cursory check on them (or whatever it is that
Apple does with that money), are you sure you want to run their software?
[Move to trash] [No] [?]", then that would give the user the relevant
information to make this decision, but as it is, virtually no mac user will
understand what is really going on.

I also can't imagine $100 is easy to come up with in countries below level
4[1]. The OpenStreetMap Foundation recently introduced a way to waive the
yearly £15 fee for OSMF membership if you have a certain number of map edits
or otherwise contributed to the project. The OSM community seems to be quite
diverse, but I can't imagine that Apple computers are less widespread than
OpenStreetMap.

[1]
[https://www.gatesnotes.com/Books/Factfulness#incomegroups](https://www.gatesnotes.com/Books/Factfulness#incomegroups)

~~~
Cthulhu_
Like all other legitimate software on MacOS; they get a developer account and
distribute it via the app store.

For years, Windows got laughed at by EVERYONE because there was so much
malware on it - in part because of its laissez-faire approach to letting the
user install anything from anywhere.

Mac went for the closed garden approach and there's hardly any malware,
adware, scareware or whatever -ware you can think of on the platform, which is
one of the reasons why Mac is safer and considered to have a better user
experience.

Curation is not a bad thing. And if an open source application wants to become
popular for the masses - not the HN power user crowd, which represents only a
small percentage of potential customers - they have to conform to its rules.

Likewise, they will want to be available through the Windows store as well.

Using the tools and platforms offered by the OS developers is the lowest
friction option for installing software.

As for poorer people and countries, isn't this where the open source charities
come in? Isn't this where the big FAANGs - including Apple - and the investors
and everyone that earned billions off of software should come in? I mean come
on, it's only $99.

~~~
mih
> ... in part because of its laissez-faire approach to letting the user
> install anything from anywhere.

This comment makes it seem like installing software outside of a curated store
is responsible for security issues, but this is exactly what Linux and other
like OSes do. You can install apps from anywhere and I'll wager you'll find
less malware, adware etc. for them in the wild, than the Mac. Granted usage of
these platforms as a Desktop is way lower making it a less attractive target
for bad actors, but much of it owes to inherent OS design.

> And if an open source application wants to become popular for the masses -
> not the HN power user crowd, which represents only a small percentage of
> potential customers - they have to conform to its rules.

Open source applications have been popular with the masses way before the
curated store app store model came into place. Publishing on an app store has
a good chance for increasing outreach, but it should not make distribution and
installation of applications in the classical way more cumbersome, should the
user so desire.

~~~
solarkraft
Most standard Linux repos are _highly_ curated, with even distro specific
patches and stuff.

The difference is that there is no rent seeking and you can choose your
curator.

------
cuddlybacon
This feature is at about the right spot for me.

It is still convenient enough for me to run software I want that isn't signed,
but sufficiently obtuse that neither of my parents have figured it out. Given
they are both prone to running any executable that any website tells them to
download and run, this feature has probably saved me several dozen hours of
fixing their computers.

~~~
kjksf
Apple has been making things more and more restrictive over a decade now.

New versions of mac os introducing new restrictions.

Doesn't take a genius to see that their end goal is to make mac os as
restrictive as ios.

When that happens, will it still be the right spot for you?

~~~
manquer
You stop using Apple and go to a reasonable OS. You and I are not going to
help Apple keep their $2T valuation; we are no longer the market, and have not
been one for 5+ years for Apple.

Apple moved their focus from the professional market who were willing to pay
premium for productivity with better UX/Hardware/Software, to people paying
just the premium.

It is a lifestyle brand now, people pay money because it is Apple, not because
there is real value they gain for the higher cost.

Depending on what you work with, Windows or Linux is by far better option
today. MS listens to developers (eventually), WSL, professional support, a
lot of graphical professional grade applications all make it attractive. Linux
is lot more flexible, works with less friction makes it easy to work with
containers, servers, etc.

If you really need Apple hardware, dual boot or flash a sensible OS.

~~~
cwhiz
> It is a lifestyle brand now, people pay money because it is Apple, not
> because there is real value they gain for the higher cost.

Oh come now, there are millions and millions of professionals using macOS to
do work every single day.

This is basically a slippery slope fallacy. Today they're making it marginally
hard, what might they do tomorrow?!?

There are many reasons to prefer macOS to Linux or Windows. The Apple
ecosystem works extraordinarily well together. There is nothing that you can
buy, not with all the money in the world, that matches the seamlessness of
owning an Apple Watch, iPhone, iPad, AirPods, and a macOS device. You can't do
it with Linux, Windows, Android, or anything else. It doesn't exist.

I prefer macOS for development work, and for basically any kind of work. I
loathe the Windows UI/UX and Linux is far too often a second (or third) class
citizen. There is nothing that I have needed to do that I have been unable to
do because of macOS. Not once.

Not to mention... if you want to write software for macOS, iPadOS, WatchOS, or
iOS you must own at least one Mac.

~~~
vladvasiliu
> Oh come now, there are millions and millions of professionals using macOS to
> do work every single day.

Right, and how many of those are using macOS because they're "forced" to, as a
sibling suggests, or simply by force of habit?

Moving from macOS to Linux or Windows (or from any one OS to any other,
really) does require some time. It's not necessarily difficult, but it still
takes time. Time that the same professionals might find is better spent on
their actual professional work.

It could be argued it's a boil the frog situation, but for me that means the
incentives to change the OS aren't quite there yet. Maybe if MacOS 10.17 goes
too far with restricting what people can run on it, there could be more people
switching. But remember, many of those "professionals" are not programmers,
they use standard "enterprise" software, like Adobe or whatever. I bet most of
those people have no idea what a terminal is. They would probably not even
notice such restrictions are in place.

~~~
cwhiz
Is it really that hard for you to believe that people like and prefer macOS??

I don’t want to move to Windows or Linux. The time sink is irrelevant. I am a
software engineer and I PREFER macOS. So do my coworkers. So do many, but not
all, of my friends. So does my spouse.

Many of you replying here just seem completely unable to grasp that other
people exist, with other thoughts and opinions.

~~~
colonwqbang
So you would stay loyal to the product no matter what it evolves into? I
imagine there's some kind of limit to what you would put up with. Or is your
point that these restrictions don't bother you at all? That's fine of course
but I'm sure not everyone feels the same way.

As someone who never bought any Apple products, I find it harder and harder to
see why I would buy one. I have friends who are quite invested Apple owners
who say they will most likely not buy Apple again because of the way the
product has changed for the worse (in their eyes).

~~~
cwhiz
> So you would stay loyal to the product no matter what it evolves into?

No. My line in the sand is Apple locking down macOS so that I cannot install
applications outside of the Mac App Store. These "restrictions" that seem to
annoy other people do not bother me. At that point I would just migrate over
to Linux and maintain a Mac for any remaining Apple specific dev.

I'm not sure exactly where the line is on mobile. I don't feel restricted by
the iOS ecosystem, but I do understand that others might. If there became a
time where I wanted to abandon iOS then I would likely just go without a phone
or get a flip phone. I refuse to use Android or any product developed by
Google.

------
white-flame
The fact that the standard model of computing is that applications are opaque
machine code blobs that can access everything in your user permission space is
the core problem in privacy and malware. Applications should see nothing but
their executable jail, and whatever was intentionally allowed to them by the
user (eg, Open file dialog giving the application an opaque file handle, etc,
not carte blanche access to the entire filesystem). Ideally, the notion of
machine code blobs should be done away with as well.

Mobile OSes got to rethink everything in an era of constant adversarial
connectivity and started off on a better foot in this regard.

~~~
badsectoracula
This works for some types of software, but not all types of software. For
example a file server or a file manager won't work. A VCS client won't work. A
game engine that needs to keep track of imported resources (especially when
you want automatic imports when the file is saved via a 3rd party tool - e.g.
saving a model on Blender or a texture on Krita causes an automatic
reimport/convert to the engine's format). Basically any sort of content
management software that doesn't provide everything itself but relies on 3rd
party tools already installed on the user's machine won't work.

Software like clipboard managers also won't work. Screen sharing and remote
desktop software similarly won't work. Screencast software won't work. Hotkeys
software won't work. Most desktop automation software won't work.

I could go on and start looking at what i have installed to extend this list
(i'm sure most of the software i have on my PC won't work), but i guess you get
the idea. Almost everything that doesn't fit in the media consumption model
that you'll often find on a phone or a tablet won't work (and amusingly enough,
at least on my Android, stuff like a file server does work, though i've heard
Google wants to remove that functionality).

~~~
josephg
Sure it does! We just need sufficiently granular permissions for all of this
stuff. “Do you want to give ClipboardManager access to your clipboard?” Yes.
“Do you want to give TikTok access to your clipboard?” No. I agree that
clicking a million permission boxes is annoying but ideally it should only be
something needed for apps that don’t fit the media consumption model.

The real problem is that the desktop security model is outdated - it was
designed for a world where software developers are trusted by default and
users need to protect their data from each other. Today we can’t trust that
developers will respect my data. I mean, the fact that any application I run
or any npm module I transitively install could upload or delete any of my
personal documents is insane. We absolutely need to preserve my ability to run
software I write, and run screencast software, file servers, etc. But
permission to read my data should not be given by default to any software I
happen to run. The Epic thing makes me nervous but generally I think Apple’s
direction here is the right one.

~~~
badsectoracula
> The real problem is that the desktop security model is outdated - it was
> designed for a world where software developers are trusted by default and
> users need to protect their data from each other. Today we can’t trust that
> developers will respect my data.

Why is it any different today? You can always only install applications you
trust. It would be useful to have sandboxing for untrusted applications
(especially when said sandboxing would also allow you to monitor what the
application is doing), but not all applications are untrusted.

~~~
josephg
The UNIX permission system was designed when computers cost millions, they had
lots of users through timesharing (many of whom were programmers themselves).
And computers had comparatively little software. And most of the software that
was on the computers was installed by the system operators; who could be
trusted to not install software from disreputable developers. The threat model
was malicious users accessing each other's files; so user accounts with
limited permissions kept us safe.

Today I have several computers. Each computer only has 1 user. And yet my
/etc/passwd file still has 110 entries somehow. And it doesn't really help -
the thing I need to protect the most on my computer is my data, and most
programs on my computer could read and modify all my data with impunity if
they wanted to. The permission model does nothing to protect my own files from
the programs I run.

Using tools like homebrew I install new software very frequently, and I don't
have time to vet the code I run. There is a staggering number of software
developers who have contributed code that runs on my computer. Some of them
work at companies in direct competition with each other. Some of those
companies I don't really trust. (Hi Facebook). So I rely on sandboxing in the
browser and on my phone to keep my data safe.

The UNIX user permission model just doesn't meet modern needs.

~~~
badsectoracula
Right, but why do you install software you do not trust in the first place?

------
FreakyT
I still believe that Gatekeeper is a blatant cash grab and not a legitimate
security feature.

$100/year to avoid a scary warning about how your app is _definitely_ a virus?
It's like a protection racket.

~~~
kelnos
It's hard to believe that this would be a cash grab. Even if there are 1M
developers in the world, that's only $100M, which should not be worth the
friction and cost to implement and maintain this scheme. Consider that Apple's
most recent _quarterly_ revenue was just under $60B. Apple made $260B in all
of 2019; $100M is not even four hundredths of a percent.

Developer time to build out the signing and notarization features is not free,
and running the notarization servers in a highly-available manner is also not
free. As much as we all like to call out Apple sometimes for how they don't
take good care of their developers, adding hoops for your developers to jump
through is not a great idea.

So I think in some ways Apple really does it for the security aspects, and
also probably just because Apple likes to maintain rigid control over their
experience.

~~~
cytzol
> As much as we all like to call out Apple sometimes for how they don't take
> good care of their developers, adding hoops for your developers to jump
> through is not a great idea.

Why not?

Apple has been pushing very hard lately to increase their 'services' revenue,
by getting users to sign up for Apple Music, iCloud, etc. It makes _perfect
sense_ for Apple to force developers to jump through hoops, not because it
makes the developers' lives worse, but because it gives Apple a leg up! Some
examples:

• When launching Chrome for the first time, you have to opt-in to Chrome
notifications, but macOS pops up its own notification telling you to use
Safari instead.

• Similarly, Apple News notifications are allowed by default, but you have to
explicitly opt-in to notifications from other news websites.

• Again, similarly, you'll get Apple Music adverts through push notifications,
something that's explicitly disallowed in the App Store guidelines.

• System Preferences gets an obnoxious (1) badge next to it, because I haven't
signed in to iCloud.

I use SyncThing, rather than iCloud Drive. It definitely benefits Apple to
waste the SyncThing developers' time and money keeping up with things the
iCloud Drive team doesn't need to deal with — do you _really_ think the sort
of company that pulls shit like the above would do anything different?

~~~
dwaite
> • When launching Chrome for the first time, you have to opt-in to Chrome
> notifications, but macOS pops up its own notification telling you to use
> Safari instead.

Link to a screenshot of this Safari notification when Chrome is run?

> Similarly, Apple News notifications are allowed by default, but you have to
> explicitly opt-in to notifications from other news websites.

Reference to an article about this?

> • System Preferences gets an obnoxious (1) badge next to it, because I
> haven't signed in to iCloud.

This is something other apps can't display...?

~~~
saagarjha
Not when Chrome is run, it shows up at some point after you start using your
Mac.

------
Marcus10110
I deal with this every day, because we only notarize our electron app in CI if
we're building the master branch or an RC branch. I don't see it mentioned in
the article, but what gets me every time is that the "right-click" trick only
works the second time you try to launch the app. The first time, right-click
or not, MacOS won't let you launch the app.

I do wish Apple had a free tier for open source projects, just like many other
tools on the web.

As an alternative, I wish there was an easy way to "sponsor" open source
projects for this sort of thing. (I guess there is in some cases, but it's
pretty hit or miss)

On Windows, although it's pretty easy to run unsigned applications, it's a
huge pain to install unsigned 64 bit drivers, even if it's just the inf file
that's custom. I've ended up signing open-source drivers several times with my
own code signing certificate (a few hundred bucks every few years) although I
haven't distributed the result. Drivers for things like USB SDRs.

~~~
lapcatsoftware
> I don't see it mentioned in the article, but what gets me every time is that
> the "right-click" trick only works the second time you try to launch the
> app. The first time, right-click or not, MacOS won't let you launch the app.

Thanks for the comment! I've referenced this in a new addendum to the article.

------
wruza
I thought that a developer status will autosave me either from malware or from
being babysat, but then [1] happened. No matter how hard I tried to start
that binary, OSX didn't allow me to do that. Damn OS which knows better, who
do you think you are? Did you see checksums, site certs, my competence, my
willpower? I thought that it must be something with a build process that
transmission uses, some signature didn't get into the bundle, etc, and went to
their forum for help, while trying to self-sign that app and to reduce the
system protection level in a console. As I found out later, that was yet
another snafu that happens with transmission every few years, and it's not
that it is a particularly small or inactive project.

Moral of the story is, if you want to protect your users, you have to bring
some level of inconvenience and frustration to them. Or be sure that I will
run that malware no matter what you say.

[1]
[https://forum.transmissionbt.com/viewtopic.php?f=4&t=17834](https://forum.transmissionbt.com/viewtopic.php?f=4&t=17834)

~~~
throwaway13337
So the moral is that we should give up freedom for security?

Because that's a bad moral.

~~~
nemothekid
Like anything in life there is balance, and anyone living in any sort of
society today has already given up some freedom for some security.

~~~
throwaway13337
They never had a choice.

There seems to be a trend in the US society today to err more on the side of
safety than liberty than I've seen ever before. Particularly, this is a change
in the tech community which has been a bastion in the fight for individual
freedoms since I've been alive.

In the end, when you make that bargain at the levels we are making it today,
the safety is only temporary but the damage to liberty is unrecoverable
without starting over.

It's a bad bargain.

To be clear of straw men, I'm not saying that individuals (not groups) who
have personally demonstrated bad behavior should have complete freedom to
repeat such acts. This argument is, and always has been, about pre-emptive
actions against the innocent in the name of safety.

~~~
rrrrrrrrrrrryan
Most people would hypothetically eagerly trade a miniscule amount of freedom
for a massive amount of security, because it'd be a good deal.

You're welcome to be an ideologue and paint the world in black and white of
course, but more people will try to assess the tradeoffs and have some
appreciation for nuance.

Obligatory disclaimer: I'm a staunch supporter of open source software and
don't own any Apple devices because of it, but I do appreciate and understand
why a company or an individual would want to have a device with a more locked
down ecosystem.

~~~
mellow2020
The majority of people is fine living their lives as to ensure the destruction
of all organized human life on the planet, just when it comes to the climate.
Thinking of history, all the darkest hours of it involve a majority thinking
they're right automatically, by virtue of being the majority, and persecuting
minorities, or doing all sorts of stuff that in hindsight is just evil,
embarrassing and gross.

> Free thought requires free media. Free media requires free technology. We
> require ethical treatment when we go to read, to write, to listen and to
> watch. Those are the hallmarks of our politics. We need to keep those
> politics until we die. Because if we don’t, something else will die.
> Something so precious that many, many of our fathers and mothers gave their
> life for it. Something so precious, that we understood it to define what it
> meant to be human; it will die.

-- Eben Moglen

If people don't understand that it takes away from them, not from the
importance of the issue.

------
tzs
A couple other ways to deal with it (at least for some instances--not sure
this applies to every kind of executable).

1.1 Hit "Cancel" in the warning dialog.

1.2 Open "System Preferences" / "Security & Privacy" and select the "General"
tab.

1.3 It should have a notice about the unverified app being blocked, and offer
the chance to approve it. Do so.

1.4 Try to launch the app again. You'll get the dialog again, but this time it
should have a button to tell it to go ahead and launch it. That will also
remember that you have approved the app so you should be OK from then on (or
at least until the app updates, and you will have to redo this).

Another way is to fix it from the command line.

2.1 Locate the executable.

2.2 Do "xattr -d com.apple.quarantine /path/to/executable"

I just hit this today when doing some web testing with Selenium, and it could
not use chromedriver because the developer was not verified. My chromedriver
is installed via Homebrew and evidently it had been updated since I last used
it. A search for how to deal with that turned up both of the above solutions
as part of this Stackoverflow question [1].

[1] [https://stackoverflow.com/questions/60362018/macos-catalinav...](https://stackoverflow.com/questions/60362018/macos-catalinav-10-15-3-error-chromedriver-cannot-be-opened-because-the-de)

~~~
onemiketwelve
I have to look up this fucking procedure every time I update our internal
executable tools. And for whatever reason the security setting loads up some
sub tab for me and I always forget you have to go back to general to find the
little thing at the bottom to allow the app.

This is so far beyond reasonable from a ux standpoint and they have no reason
to improve because what am I going to do? Not use macos to work on iOS stuff?
It pisses me off so much

~~~
dwaite
If you have an automated process to update internal tools, you will likely
have a much better UX with updating that process to appropriately deal with
quarantine.
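
One way an automated update step could deal with quarantine, built around the `xattr -d com.apple.quarantine` command given earlier in this thread. This is an added example, not code from any commenter or from Apple; the function names and the idea of a pinned SHA-256 digest shipped with the update process are assumptions.

```shell
#!/bin/sh
# Added example: clear com.apple.quarantine on an internal tool only after the
# file's SHA-256 matches a digest the update process has pinned for it.
# Function names and the pinned-digest workflow are assumptions.

# Print the SHA-256 of a file with whichever tool the platform provides
# (sha256sum on most Linux systems, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its digest equals EXPECTED_HEX
# (compared case-insensitively).
verify_pinned() {
    [ -f "$1" ] || return 1
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# has_quarantine FILE
# Returns 0 when the quarantine attribute is present. On systems without the
# xattr tool there is nothing to clear, so it returns 1.
has_quarantine() {
    command -v xattr >/dev/null 2>&1 || return 1
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# release_tool FILE EXPECTED_HEX
# Exit codes: 0 released or nothing to do, 2 digest mismatch (quarantine is
# left in place), 3 xattr failed to remove the attribute.
release_tool() {
    if ! verify_pinned "$1" "$2"; then
        echo "refusing to release $1: digest does not match pinned value" >&2
        return 2
    fi
    if has_quarantine "$1"; then
        xattr -d com.apple.quarantine "$1" || return 3
        echo "released $1"
    else
        echo "no quarantine attribute on $1"
    fi
    return 0
}

# Stand-alone use: release.sh /path/to/executable <pinned sha256>
if [ "$#" -eq 2 ]; then
    release_tool "$1" "$2"
fi
```

A mismatch leaves the attribute untouched, so Gatekeeper still prompts for a binary the update process did not expect.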

------
sevensor
Hold on a minute -- MacOS _phones home_ every single time you launch an
application? As a non-user of MacOS, this strikes me as utterly bonkers. You'd
have to place a massive level of trust in the developers of your OS to accept
this. And furthermore, surely the constant attempts to phone home have a
negative effect on the user experience when the computer's network connection
is missing or slow!

Perhaps the fine article has mischaracterized this behavior?

~~~
userbinator
_As a non-user of MacOS, this strikes me as utterly bonkers._

I assume you use Linux or anything other than Windows? Because the
"SmartScreen"[1] feature in the newer versions of Windows does the same thing.

[1] A common trend in these times: the word "smart" really means "we think
_you are stupid_"

~~~
sevensor
You assume correctly. Although I do use Windows for my day job, my
expectations for that OS are so low that I ascribed its performance
shortcomings to incompetence. I'm not tremendously surprised to learn that
self-sabotage was involved. Sometimes after I type my password at the Windows
10 lock screen, I'm treated to a 5 minute wait during which I get to speculate
about what terrible decisions have got us to this point. I could cold-boot
Arch on a ten-year-old netbook, use it to check the weather, and shut it back
down in that amount of time.

------
bangonkeyboard
On a related note, the macOS 11 Beta 5 released today reveals that Apple
silicon Macs will require all ARM executables to be signed:
[https://mjtsai.com/blog/2020/08/19/apple-silicon-macs-to-req...](https://mjtsai.com/blog/2020/08/19/apple-silicon-macs-to-require-signed-code/),
[https://developer.apple.com/documentation/macos-release-note...](https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11-universal-apps-beta-release-notes)

~~~
wtracy
From Apple's documentation:

> There isn’t a specific identity requirement for this signature: a simple
> ad-hoc signature issued locally is sufficient, which includes signatures
> which are now generated automatically by the linker. This new behavior
> doesn’t change the long-established policy that our users and developers can
> run arbitrary code on their Macs

So, the sky isn't falling yet, but it is reasonable to be concerned.

~~~
marcuskaz
> This new behavior doesn’t change the long-established policy that our users
> and developers can run arbitrary code on their Macs

This irks me, I don't know why. Maybe because calling it an Apple policy is
something that can be changed. I consider it more a right that I can run
arbitrary code on my computer.

So yes, I would agree, quite reasonable to be concerned.

~~~
ccmcarey
Everyone knows the direction they're heading in, so this wording comes across
as .. we know you're lying, you know you're lying.

------
mpartel
The power that tech companies accumulate with tactics like this, and the
justifications for that power, are strangely reminiscent of autocratic
governments: _we_ decide which programs you can develop and run, and _we_ can
levy an arbitrary 30% income tax (on top of regular VAT). But don't worry,
it's all for your safety and security!

We are fast becoming corporate citizens, for better and for worse:
[https://www.youtube.com/watch?v=l3pkkSNRug4](https://www.youtube.com/watch?v=l3pkkSNRug4)

While there is _some_ truth to the security argument - security after all is
sometimes at odds with freedom - good computer security can certainly be
achieved without this degree of centralization of power. Maybe you can't
protect a determined user from hurting themselves, but that seems like an
acceptable price for freedom.

~~~
eecc
Frankly, I’m afraid your premise is a bit of a straw man argument.

I’m constantly running npm, mvn, sbt, docker and some that download hundreds
of megabytes from unknown organizations, hosted on unknown servers, written by
unknown developers.

Next to that, I’m running desktop applications downloaded roughly under the
same circumstances, and was the update image it just installed when I opened
it genuine? Transmission was 0wned, as well as Handbrake. Any other I was
never aware of? Perhaps one that I’m currently using?

I have several GB of irreplaceable (to me) photos and financial documents on
this laptop. When was the last time I tested my cold-storage restore
procedure? (Hint: never.) What if I get hit by a ransomware? What if they grab
my GAccount cookie and run away with my identity?

All this makes me fret, and aware of how much vulnerable my information
persona has become.

I can run Linux, and trust Ubuntu or Debian or whatever to thoroughly audit
and verify every line before PGP signing any package released for distribution
(riiight, it’s already a gift out of free will, am I going to make demands
now?) I could manage, begrudgingly though because I’m more interested in using
the tool than to constantly grind its sharp edges.

But what about normal users? Not necessarily idiots. Just people that haven’t
explored the dense thicket of Linux on the desktop and ACPI, and kernel driver
(oh, by the way... what about those drivers?) Don’t they have the right to
some trust and expectation of privacy? (that they can immediately forego and
upload to Facebook)

Why must everyone constantly have to risk their own neck to defend someone
else’s perception of freedom. Why should they all pay (in terms of risk and
time mitigating against it) for something that someone else presumes it would
benefit them?

Apple can abuse their grip on their integrated platform. Apple can turn this
infrastructure into a rent-seeking scheme, into extortion.

But for the time being, they can’t deliver cryptographic app control soon
enough.

~~~
mpartel
Heavily sandboxing apps by default is fine, and some Linux distros are,
slowly, moving to do this - see e.g. AppArmor and Snap.

Even giving warnings by default about unsigned apps requesting high privileges
would be fine if the implied message weren't basically "everything _we_
haven't checked is malware". Something like "We nor any other provider you've
chosen to trust have no idea who made this and we haven't checked if it
contains malware. This program may steal and delete all your files. Be really
sure you trust the author before running this." would be much more honest.

Good security does not require a single entity becoming the sole gatekeeper
and taxman for a huge fraction of users.

> Why must everyone constantly have to risk their own neck to defend someone
> else’s perception of freedom. Why should they all pay (in terms of risk and
> time mitigating against it) for something that benefits someone else alone?

I'm not advocating for Windows-levels of "install anything with access to
everything with barely any warnings". And I wouldn't say you're "constantly
risking your own neck" if you deliberately ignore warnings.

In computing as in society, I don't see how we can remove all possibility of
getting cheated into hurting yourself (by installing malware in this case)
without essentially submitting to some form of autocracy. And I think freedom
benefits almost everyone, at least indirectly. As a concrete example, in the
Apple/Epic case, an alternative game store would likely result in healthier
competition i.e. lower prices. As another example, Hong Kong protesters with
iPhones would have had an alternative way to coordinate:
[https://www.bbc.com/news/technology-49919459](https://www.bbc.com/news/technology-49919459)

~~~
eecc
> Even giving warnings by default about unsigned apps requesting high
> privileges would be fine if the implied message weren't basically
> "everything we haven't checked is malware". Something like "We nor any other
> provider you've chosen to trust have no idea who made this and we haven't
> checked if it contains malware. This program may steal and delete all your
> files. Be really sure you trust the author before running this." would be
> much more honest.

Well, what you ask is what's written in the very first prompt screenshotted in
the blog post; it says "the developer cannot be verified", "macOS cannot
verify that this app is free from malware." I don't see how this choice of
words is much different from your proposal.

I don't want to go too deep into the "alternative store" discussion, it's much
broader than this, but let me just say Adobe Flash. I don't think Apple will
ever relinquish the strategic power to force developers to adopt APIs and
track their lifecycle, and never again have to deal with the Flash scenario.

If they let the door open to "alternative stores" good luck explaining to the
general public how it's not their fault if <insert major app> works like shite
and kills hardware performance. As an example, to this day, people still rant
about Apple's "proprietary music file formats" when really it's just bog
standard mp4 (it's even unencrypted... you can copy it over to any industry-
standard decoder and you're good to go). Good luck with WMA (if they're still
around) or whatever madness Sony came up with.

The moment they would decide a major overhaul, you'd see "alternative app
stores" advertising "backward compatibility", "freedom from Apple's
treadmill", fragmenting user experience in an endless passing of blame about
whose fault it is for the rot.

~~~
mpartel
> Well, what you ask is what's written in the very first prompt screenshotted
> in the blog post; [..] I don't see how this choice of words is much
> different from your proposal.

There are nuances about the UI and wording as discussed elsewhere in this
thread, but my main objection is about Apple positioning themselves as the
only one who decides which apps don't get that warning.

> [..] I don't think Apple will ever relinquish the strategic power to force
> developers to adopt APIs and track their lifecycle, and never again have to
> deal with the Flash scenario.

I don't see how alternative stores would prevent Apple from breaking
backwards-compatibility on an OS they would still control. Even open source
projects do BC breaks as they see fit. And I think Microsoft demonstrates that
proper BC is something a company the size of Apple could well afford to do if
they cared to.

The Flash case could be seen to support my position as well. Wasn't it a case
of Adobe getting into a dominant position (for their particular niche) and
then "abusing" it by letting Flash stagnate with awful security? It's good
that we _eventually_ got rid of Flash, but wouldn't it have all been much
easier if Adobe had never become that dominant in the first place?

You can of course say Apple would never let something stagnate in that way,
but all companies have their (sometimes shifting) priorities and interests.
Often they'll align with you as the user - that's the nice thing about
capitalism - but there's no guarantee that they always will (e.g. that Hong
Kong example), and a dominant player in the absence of healthy competition is
always incentivized to charge as much as the market will bear.

> If they let the door open to "alternative stores" good luck explaining to
> the general public how it's not their fault if <insert major app> works like
> shite and kills hardware performance.

Is this really that big of a problem? Seems like something platforms already
deal with by surfacing and by default restricting apps' energy use etc, though
this too can be a double-edged sword. I have a few apps on Android that need
to constantly show a pointless notification just so they can run in the
background, and they have legit reasons to do so, and I'm OK with the battery
drain.

Again I'm compelled to draw an analogy to society: freedom indeed requires
some degree of responsibility and understanding from everyone. Benevolent
dictators are a great place to "outsource" all that. The trouble is that they
(or their successors) rarely stay benevolent for long, especially if you're
not in their ingroup. I've yet to see power accumulation have good long-term
consequences in history.

------
csense
"Y'know, it sure would be a shame if our OS went around telling users your
software's a virus. Now we c'n make sure this little problem doesn't happen to
you, all you gotta do is fork over the $300 (yearly of course) to join our
developer program."

Nothing like a good old protection racket. No wonder Apple's worth trillions
of dollars.

~~~
saagarjha
$100/year

------
LeoPanthera
This behavior frustrates me, as a seasoned (=old) Mac user, but I am
simultaneously quite grateful for it existing on my parents' Macs.

It would be nice if there was a Sys Prefs option to add a "run anyway" button
to the initial prompt. It wouldn't even need to be on by default. Just give me
the option.

~~~
lstamour
But then you’ll have websites that walk you through changing the setting. At
least this way you have to make a decision every time, even if it costs you a
few clicks each time you do it.

~~~
themacguffinman
They can do the same for the right-click technique. Omitting a setting does
not change the user's understanding of the decision, it just makes this
completely undiscoverable and tedious for users who know what they're doing.

~~~
KeepFlying
A system setting risks allowing you to make more mistakes.

Imagine I install some app from a trusted third party and am walked through
the steps to toggle the system setting to allow installs. Then a year later
when I am installing some untrustworthy tool, I am no longer warned (at least
not to the same severity) that this tool is unsigned. It leaves me more likely
to install that software and end up putting myself at risk in the future.

Take for example the Android settings for installing third party apps. I can
enable it on a per-app basis, but that permission persists for the lifetime of
my device. If I allow Chrome to install apps for me, that enables apps from
ANY site from now until the EOL of my device, to more easily make their way
onto my phone.

If I am asked every time (or even periodically) I am given a moment to
consider if I know what I am doing.

~~~
themacguffinman
But the setting doesn't have to get rid of a warning, we're discussing
requiring the right-click to even show the option of running the software.

Gatekeeper right now won't even allow you to run an application unless you
somehow know and remember to right-click. This is sadistic. Many well-informed
users won't even know about it and even more will forget to right-click on the
first try. This is far from "forcing the user to make a choice about each
binary". It's clear Apple doesn't want users to even be aware that there is a
choice.

~~~
lstamour
Well... there happens to be a way to disable that part of gatekeeper
functionality if you want to. It’s just not a checkbox in settings, if I
recall correctly it’s a terminal command that requires sudo.
[https://www.imore.com/how-open-apps-anywhere-macos-catalina-...](https://www.imore.com/how-open-apps-anywhere-macos-catalina-and-mojave)
But really, really only do this if you know what you’re doing. You can
leave gatekeeper running but in a mode where it is much less restrictive. It
may still prompt you if you just downloaded an app from Safari, that sort of
thing.

------
mFixman
I was surprised to find out that something even worse is happening on default
installations of Windows 10: you cannot install non-Microsoft software at all
unless you go to the system settings and disable "S mode".

It's impossible for someone who's not technically oriented to know how to
disable S mode or even what it is, and trying to get my mum to install Google
Chrome on her new computer was harder than it has any right to be.

When did the ability to run software get this bad?

~~~
benhurmarcel
Only some PC models come with S mode by default (notably the Surface do).

~~~
mFixman
S mode is active by default in regular, non-Surface Lenovo Ideapad laptops.

------
danjc
Fellow devs, I have to take the minority view here. How is $99/yr a number
that any business should even care about? Even for OSS.

The reality is that the HN audience are complete outliers. Just look at the
junk your friends and family install on their machines.

On a related note, the equivalent in Windows is SmartScreen. It prompts
similarly to Mac for unsigned downloads as well as signed ones where there
isn't yet sufficient reputation on the signing key. That last part is
frustrating - we have a downloadable software component for our SaaS. It's not
that frequently used and every time we renew the cert (third party BTW, not
with MS), it takes a few weeks for SmartScreen to start trusting it.

~~~
latexr
> How is $99/yr a number that any business should even care about? Even for
> OSS.

If you’re including solo non-business programmers in that, I’ll say I find it
unreasonable to ask of an open-source developer that in addition to giving
their time to develop and support their software, they should also give their
money.

It’s great that $100 is chump change for you. That’s not the case for
everyone, certainly not all open-source developers.

But the issue isn’t about money, it’s about the control a petty company exerts
on what you can develop:
[https://news.ycombinator.com/item?id=24217921](https://news.ycombinator.com/item?id=24217921)

------
habosa
I have yet to get a good answer to this question: what do these checks do?

They just confirm the developer has $100? Does Apple actually make sure signed
binaries don't do anything bad?

~~~
jeroenhd
When an application turns out to be malicious, Apple can remotely disable it
by invalidating the developer certificate globally.

This is how some mac viruses were stopped; the developer license was
retracted, making the executables hard to open in the background, slowing the
spread or even killing the virus during its infection track.

It also maintains Apple as the administrator of your computer. You may have
paid Apple for your laptop, but it is Apple who decides what you can and
cannot execute. Options to work around the blocks Apple throws up are reduced
and made harder with every new release. I predict that eventually all binaries
will need to have Apple's blessing or be signed with a corporate certificate,
just like on iOS. It's still years away, but the direction Apple is taking
this is obvious.

------
waheoo
Why do so many in tech buy into a walled garden and then bitch about it later?

I could say whinge but it doesn't quite convey what I'm seeing here.

~~~
lapcatsoftware
The problem is that we didn't buy into a walled garden. Mac OS X was an open
platform from 2000 until 2012, when Gatekeeper was added, ostensibly for
security. It's very difficult if you've invested in a platform for many years,
and then the platform slowly transforms into something different.

~~~
waheoo
It's 2020.

Apple has been hostile to openness since inception, see: right to repair or
basically any Louis Rossmann video on YouTube.

Not to mention years of news stories showing how little Apple cares for
developers or individuals.

~~~
lapcatsoftware
Has Apple become increasingly hostile? Yes. Since inception? No. For example,
my MacBook Pro from 2007 had a user-replaceable battery. I just popped the old
one out, popped the new one in, 15 seconds, it was brilliant.

~~~
waheoo
Oh come off it. Those user replaceable batteries were expensive as hell.

It's cheaper to replace a MacBook air battery than it is to replace one of
those old cartridge things, of which you could only buy from Apple.

------
dec0dedab0de
I don't see any problem with this. If you don't feel comfortable doing this
then you definitely shouldn't be running random code from the internet. I
would take it a step further and force it to be run from the command line.

Also, what kind of "viable software business" has trouble paying $100 a year?

~~~
aaomidi
Any open source developer?

Do you know how much $100 is in Iran?

~~~
dec0dedab0de
I just looked it up, and it seems like $100 is worth less than half a week of
an average developer's salary in Iran.

~~~
saagarjha
$100 can be an hour of a developer's salary here, or even less. The relative
cost is quite large. (Oh, and guess who isn't making a developer's salary in
Iran? Someone who is just starting out, or an open source developer, or
someone who is currently unemployed…)

~~~
dec0dedab0de
But if you're just starting out or only releasing your code for free, then
you're not a "viable software business", which is what the article was
complaining about.

~~~
saagarjha
You know who needs to get new customers (the next sentence in the paragraph
you took the quote from)? People bootstrapping a software business.

~~~
aaomidi
Or people who want to publish a software for free.

It's surprising how many people have forgotten that software development and
starting out new projects wasn't always for an endgoal of monetizing it.

------
hans_castorp
How does this work for Java programs?

The actual java binary (JVM) can be (is?) signed and used for many different
apps/programs. But the .jar file that is executed probably can't be signed.

(Note: I have never done any "native" Mac programming)

------
the_af
As a data point: I am indeed a new Mac user, and I would never have guessed
how to override gatekeeper and run the app if it weren't for (I think)
stackexchange or a similar site providing detailed step-by-step instructions
on how to do it. I'm a Linux power user so googling is no strange thing to me,
but still, macOS really goes out of the way to hide this choice!

In my opinion, it's simply not possible to learn how to override it by
following macOS UI "hints". Every step of the way seems designed to hide this
possibility, instead of giving users a warning and a clear choice.

------
catmistake
Disabling Gatekeeper

1. From the Apple menu, open the "System Preferences" application.
2. Click on Security & Privacy > General tab.
3. If the lock in the left-hand corner is locked, click on it, then enter your Mac's username and password. This may not be required.
4. Click "Anywhere" under "Allow applications downloaded from:".
5. If you followed Step 3, please click the lock in the left-hand corner to return it to its locked state.
6. Close "System Preferences".

~~~
jbergens
Sounds like a security disaster for non-technical users. It is much better to
trust a specific app from now on than to trust the entire internet from now
on.

~~~
catmistake
The assumption is that developers need free rein. One would hope a developer
is a technical and savvy user.

Not for nothing, Gatekeeper once did not exist. Myriads of Mac OS X users were
not p0wned. But your point is not lost on me.

------
lwouis
I'm the main contributor of an app that emulates Windows's alt-tab feature on
macOS ([https://github.com/lwouis/alt-tab-macos](https://github.com/lwouis/alt-tab-macos)).
I researched this topic extensively, and eventually decided that I would bite
the bullet and pay from my own pocket, so that users get a good UX when
launching the app.

It is displeasing to see Apple not having an open-source program in which they
give free certificates for popular open-source projects after a review. They
are a large beneficiary of OSS after all.

Furthermore, smaller companies do it frequently these days: Jetbrains gave me
free IDE licenses, poeditor gave me a free account, github hosts the project
code, ticketing system, and is the distribution channel for first downloads
and updates, appcenter hosts crash reports for free, travis does the CI for
free, etc.

------
cryptica
I don't understand how any developer can willingly use a Mac these days. When
you buy a Mac, you don't own it.

I have a similar idea about services like Amazon Lambda; why would developers
build apps tightly integrated with a product that they don't own.

Most millennials these days own nothing because they keep perpetually
accepting their position as 'renters' through every decision they make.

------
nippoo
I've seen a few apps get around this by packaging them in a standard .dmg and
giving the user clear instructions ("just right-click") as the background
image of the opened container, or as the name of the app, or on the download
website, etc. Although generally these have been fairly tech-oriented apps
where the users would be likely to know the shortcut anyway!

------
einpoklum
I would say this is an example of how the user interface - and some of back-
end plumbing - of a desktop environment [1] is not designed to serve users,
their needs and interests. Instead, it's designed to serve Apple's needs and
interests at the expense of users.

For me, this is a much stronger reason to avoid Apple software than whether
it's FOSS or not. I can live with a company which makes some proprietary app.
I mean, I am annoyed that access to it is restricted, but at least the "deal"
is upfront.

When what I see and what I can run and how it runs is the object of direct
partisan manipulation, and trade between commercial companies for epistemic
access to a captive user-base, that's a whole other story and it just makes me
sick.

---

[1] : I'm letting Apple enjoy the benefit of the doubt and assuming the
"signing" business is not enforced at kernel-level, only by the graphical
desktop environment's application launching mechanism.

------
hardmath123
I came across this problem when I wrote a small program for a humanities
professor to help him draw some diagrams. He didn't want a web app ("it'll
disappear once you graduate!") so I wrote him a mac app and emailed it... it
was such an adventure getting him to ignore the security warnings to run it...

~~~
FabHK
The alternative (that macOS not display security warnings when trying to run
unsigned software that someone emailed you) doesn't seem better.

------
d_tater
Windows is starting to pull the same shit. Walled garden OS's are the future
for most regular users.

~~~
dmart
Good. Regular users are not sufficiently computer-savvy to avoid being tricked
into installing malware.

~~~
rpdillon
I mean, you're right, but I feel like the approach we're taking is that we
have to cater to the least tech-savvy person that might ever use the
computer, even if that damages the experience for millions of folks that are
tech-savvy. I really disagree with this one-size-fits-all approach. It
seems like a local optimum, at best.

Of course, more tech-savvy users can always use a system that doesn't impose
this on them, but I really wish Apple would provide different experiences to
different users. If they hadn't diluted the "Pro" moniker, I'd advocate for
"Pro" editions of MacOS that remove all this stuff. As it is, every amateur
user thinks they should get a Macbook Pro, and my user experience on any
distro of Linux is miles ahead of any other platform available. That's fine
for me (I'll probably never leave Linux unless something drastic changes), but
what about folks that love Apple and are tech-savvy? Why should they have to
jump through increasingly arcane hoops to do very reasonable things (like run
unsigned code) on a machine they bought? It seems like a massive missed
opportunity.

~~~
ttys000
Apple needs to finish migrating their casual userbase off MacOS and onto
iPadOS. Macs should be reserved for engineers and other technician oriented
jobs in the various industries. That should be the delineation.

The industry tried to morph desktop computing into the world of Windows XP
playschool friendly computing. Teach grandma for the 6th time how to click the
start menu, etc.

That was a stopgap solution, and that era is over. We need to move all of
those people off of computers and onto consumer-safe devices. Then restore
desktop computing back to its originally intended audience, take off the
bumpers and give unregulated access back to serious computer users who want to
build important stuff, not get constantly nagged and prohibited from doing so.

------
axilmar
Why don't operating systems provide a sandbox for running unsigned apps by
default?

Is your app signed and secured? It runs in the current environment. Otherwise
it runs in a copy of the current environment, with restrictions as to what it
can send/receive from the world.

------
henvic
I've run into this signing issue a few years ago when trying to distribute a
binary for applications (tips, if you need to do so here:
[https://henvic.dev/posts/cs-security/](https://henvic.dev/posts/cs-security/)),
and while it's a hassle for developers I really appreciate that
this is making using computer applications safer.

The next step is naturally adding boundaries about what applications can do
just akin to containers, sandboxes, or permissions found on smartphones
operating systems. I just hope some sort of standard emerges so we don't have
each major vendor implementing their own incompatible system (okay, too late).

------
kossmoboleat
I think it's fine to have more checks for "normal" users, but I'd like to see
a better UI for experienced users.

Either there could be a pro-mode app/setting that lets us tone down the
warnings a bit and give the extra "allow" option already in the first dialog.

And/or let app developers add an extra dialog to ask for permissions on install
(e.g. in Homebrew).

I haven't tested this but apparently you can disable Gatekeeper completely
using:

sudo spctl --master-disable

from
[https://help.apple.com/xcode/mac/10.2/index.html?localePath=...](https://help.apple.com/xcode/mac/10.2/index.html?localePath=en.lproj#/dev9b7736b0e)

------
userbinator
Is this only for GUI applications? Admittedly I have not done much development
on Macs, but have done some exclusively-command-line work post-Gatekeeper, and
have never seen that dialog (or a textual equivalent) appear when running
binaries I compiled and even copied across machines; from the Terminal.

Incidentally I have never run those binaries via the Finder either, so it
makes one wonder where exactly this check is --- is it something Finder does
when you open apps, or when GUI libraries are loaded, or something much lower-
level in the kernel, like on an exec() call? I don't have a suitable machine
around at the moment to check, but the need to right-click suggests Finder is
doing this?

------
40four
Man, I really love my Macbook pro. Such a nice piece of hardware, and the OS
is a joy to use. But the more and more I learn about their business
practices, the more I wonder if they are really in line with my own values,
and the more I think about how much benefit I really gain from the OS.

Probably not as much as I used to think.

I'm starting to realize something. I'm almost certain I would be just as happy
with a Linux capable laptop, loaded up with Ubuntu 20.04. I'm pretty sure my
next laptop purchase will not be another Macbook pro. It will surely save me a
ton of money, and I'm just not convinced the walled garden is adding enough to
my life to make it worth it.

~~~
cryptica
I highly recommend Kubuntu. It looks ugly initially but you can customize it
to look really good. There is even an OSX theme that you can download.

~~~
keyb0ardninja
While I second the Kubuntu/KDE recommendation, I would suggest not using a Mac
theme. Because that might get you in the mentality of trying to make a Mac out
of Linux, which it is not. I recommend learning to use Linux like Linux with
all its unique ideas and it's a joy to use.

------
nojvek
Well. This is how you make 2 trillion dollars right? Make tightly controlled
marketplace where you are the king and tax the shit out of it.

Like it or not, America’s founders didn’t bow to the European kings, but now
we have new tech emperors that we must bow to.

------
konaraddi
> Can you distribute Mac software over the internet without signing it,
> thereby avoiding Developer ID and notarization entirely? Technically,
> currently, yes, although Apple has indicated that a future version of macOS
> may not allow unsigned code to run at all.

To my knowledge, this depends on what APIs you wanna use. Using certain
capabilities like Network Extensions (the on-device low-level networking APIs)
requires paying $99/year for the Apple Developer Program. See
[https://developer.apple.com/support/app-capabilities/](https://developer.apple.com/support/app-capabilities/)
for more details.

------
lordgrenville
I (a savvy and sophisticated dev who knows all about right-clicking) got stuck
with this today with an unsigned binary of a command-line program. Right-click
open didn't work since the OS didn't know which program to use to open it, so
there was no "open anyway" option. Launching from the Terminal gave me the
familiar MALWARE! PRIVACY! pop-up. Solution was to open System Preferences ->
Security, click the lock, then below the radio button for "allow apps from App
Store/identified developers" there was a button allowing a manual override.

------
turblety
This is just a cash grab from Apple, and part of a series of unethical
behaviour by a monopoly (eg app store dictatorship).

This would be totally unnecessary if apps could run in a sandbox. It wouldn't
matter if I run some random game I downloaded off the internet if it can't do
anything on my computer outside of its own sandbox.

And to the people that say it's not possible, just look at web browsers. Each
website runs in a complete sandbox.

For apps that do need to use operating system functions, then you can escalate
privileges with user consent. For example, mobile apps, that ask: "This app
wants access to your camera"

~~~
saagarjha
macOS ships with some of that already; users immediately complained that it
turned their OS into Windows Vista. Perhaps the underlying problem is that
Apple's sandbox is not under the control of the user, it's mostly controlled
by Apple and (to a lesser extent) by the developer of the software itself.
It's really a strange model if you think about it…

~~~
turblety
> Perhaps the underlying problem is that Apple's sandbox is not under the
> control of the user, it's mostly controlled by Apple

Absolutely agree. There is a risk of prompt fatigue but that's a UX problem
that can be solved during the installation process or first run.

------
gfxgirl
Just thought I'd point out this is bad for Unity and Unreal. Tons of student
devs making small games putting their apps on itch.io to share, no longer
allowed unless they pony up $99 to Apple.

~~~
slmjkdbtl
This is my biggest concern too, cross-platform game dev is just so hard to do
and you even have to deal with stuff like gatekeeper. I was just thinking
about giving up cross-platform entirely now and just do the web which is plain
simple

------
ho_schi
Apple doesn't provide good documentation and tools for manually creating
Apple Bundles, Signing, Notarization and Stapling. When you cannot use Xcode
or don't want to use Xcode you're in the Apple Hell.

I've ported an already running and shipped desktop application from Linux and
Windows to Mac. First and foremost you save some time with the network stuff
because there is still some POSIX in MacOS and you got a usable shell also.

We cannot use Xcode reliably, because it doesn't reliably support Meson or
anything else outside of Apple's own world. Compiling code with 'homebrew'
works, yes.

Creating the App Bundle itself is the first big burden, because outside of
Xcode you have to create them fully manually and use 'otool' to adjust every
library path which is used internally. Even the icons hurt you, you cannot
provide one big PNG or SVG (Linux) or melt it into the executable (Windows),
but an icon for every size someone can imagine. ImageMagick is your friend.
What year is it? 1995?

Because we cannot use Xcode and have to build stuff repeatably, we also stick
with 'codesign'. Which is horrible to use, because its recursive option is
not reliable and you have to sign nearly every bit in an App Bundle. On
Windows you sign the executable or the whole installer, here you sign nearly
everything.

But watch out. The certificates included by default in your Apple Account are
likely all false friends. They're badly named and described and you cannot see
that you don't get the needed type of certificate as non account owner. So be
careful with company accounts! Always ensure that multiple people have
permanent access to this as owners and can immediately accept the new terms -
or you cannot ship anything anymore. Happened this spring/summer to me :(

Signing done? Fine. Now hope that your 3rd party code doesn't show nasty bugs
after signing, like the code from our partner. Furthermore don't expect that
MacOS tells you via console what is going wrong and what you need. But it
could maybe help a little.

Then uploading for "notarization" follows. I hope you didn't make something
bad and placed the right file in the wrong directory of the bundle or it is
declined.

Finally attach (staple) the notarization to your bundle! Or every Mac there
will ask the Apple Servers if it is "okay to execute this code now". Without
it privacy is lost. And the startup is slowed down also.

If you're going to support MacOS, don't assume that portable code is portable.
The shipping is actually the hard part.
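
An added example, not part of the comment above and not any project's own build script: the sign, verify, notarize and staple sequence it describes, written so that nested code is signed innermost-first instead of relying on codesign's recursion. The function names, the signing identity and the keychain profile are placeholders, and `notarytool` is the current notarization client, which is newer than this thread. It is a dry run by default and only prints the commands.

```shell
#!/bin/sh
# Added example: release steps for a hand-built macOS app bundle.
# Dry run by default; set DRY_RUN=0 on a Mac with the Xcode command line
# tools installed to actually execute the commands.

# Run a command, or just print it when DRY_RUN is not 0.
run() {
    if [ "${DRY_RUN:-1}" = 0 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# List every item in the bundle that needs its own signature, innermost
# first. find -depth emits a directory's contents before the directory, so
# nested code is always signed before the container whose seal covers it.
# Symlinks (e.g. Versions/Current) are skipped; paths containing newlines
# are not supported.
signing_order() {
    find "$1" -depth \( \
        -type f \( -name '*.dylib' -o -name '*.so' -o -perm -100 \) \
        -o -type d \( -name '*.framework' -o -name '*.app' -o -name '*.xpc' \) \
    \) -print
}

# Sign each item individually, stopping at the first failure.
# $1 = bundle path, $2 = signing identity (placeholder value in the test).
sign_bundle() {
    ( signing_order "$1" | while IFS= read -r item; do
        run codesign --force --options runtime --timestamp \
            --sign "$2" "$item" || exit 1
      done )
}

# Full sequence for one bundle.
# $1 = bundle path, $2 = signing identity, $3 = notarytool keychain profile.
release() {
    app=$1 identity=$2 profile=$3
    zip="${app%.app}.zip"
    sign_bundle "$app" "$identity" || return 1
    # Check the whole signature tree locally before uploading anything.
    run codesign --verify --deep --strict --verbose=2 "$app" || return 1
    # Notarization takes an archive, not a bare bundle directory.
    run ditto -c -k --keepParent "$app" "$zip" || return 1
    run xcrun notarytool submit "$zip" --keychain-profile "$profile" --wait || return 1
    # Attach the ticket so the first launch does not need an online lookup.
    run xcrun stapler staple "$app" || return 1
    # Ask Gatekeeper for its verdict on the finished bundle.
    run spctl --assess --type execute --verbose "$app"
}

# Usage: sh release.sh Demo.app "<signing identity>" <keychain profile>
if [ "$#" -eq 3 ]; then
    release "$@"
fi
```

Running the dry run first shows exactly which files would be signed, which is the quickest way to spot a file that landed in the wrong directory of the bundle before notarization rejects it.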

------
blauditore
To me, this is a lazy solution by Apple. It's easy to keep a whitelist of apps
that were manually reviewed (for money!) and just block everything else,
leaving out anyone who's not willing to join the club (or cannot afford it)
out in the rain.

A more appropriate approach would be to use an actual malware detection
system, similar to what AVs do when checking binaries (check fingerprints
etc.). AFAIK this is what Windows does, and it's way more inclusive.

------
stunt
As macOS market share increases, Apple definitely doesn't want to become
another attractive platform for malware developers like Windows XP.

I guess if they make it more intuitive for users to run unsigned apps when
they want to, everyone would be still happy with those restrictions. It's just
about adding clear message and additional buttons. So I would be happy with
having the option and my grandmother is also happy with some level of
protection.

------
devboxr
I'm actually a big fan of this. Since macOS has become a lot more prevalent
and most of my family and friends use it, I was asked A LOT less for IT
support.

------
tromp
I'm very happy to have come across this sentence:

> Finally, we see the instructions to right click. Err, control click.

Just recently I was on my iMac playing the "free guess" minesweeper where
guessing is safe whenever you're forced to guess. The game needed a right-
click to mark mines, and I got frustrated by Apple's magic mouse being prone
to misinterpret right-clicks as left-clicks.

Now I know how to be in control with my right-clicks!

~~~
m12k
You can ensure it doesn't interpret a right-click as a left click by lifting
the fingers on the left side before right-clicking, then it'll work every
time. Or do like me and ditch the magic mouse, since it's insane that a mouse
would force you to do that just to be able to right click with any
consistency.

------
pkphilip
The approach may be to start educating the Apple users to understand that
these messages do not necessarily mean that the app itself is malicious or
from a malicious source.

Yes, I know that ideally Apple should be allowing opensource apps or at least
have a mechanism for opensource apps also to be verified by the gatekeeper and
that is something we can campaign for, but in the absence of that, we can
at least educate the users.

------
yreg
> although Apple has indicated that a future version of macOS may not allow
> unsigned code to run at all

Where is this coming from? I doubt Apple indicated such a thing.

------
gspr
I really don't mean this in an inflammatory way. Please take the question at
face value.

Why does anyone who's a creator of anything stand for this?

------
unlog
How do you ad-hoc from Windows? I ran into this just yesterday and had to
explain to people to CTRL+CLICK. I'm not planning to give Apple anything and the
users already know that. What's funny is that on Windows you can also get an
app signed via a third party (not sure if this applies this day) and avoid this
kind of scary dialogues.. just because you paid someone.

------
Animats
That's how Apple protects its 30% cut.

~~~
saagarjha
Actually, this specific behavior applies exclusively to applications
distributed outside of the Mac App Store.

------
mcintyre1994
Also importantly Apple consider it legitimate to refuse to notarise apps if
you break unrelated rules that have nothing to do with distributing malware
and don't give any reason to think you're shipping anything dangerous. This
was part of their threat to Epic Games.

------
danShumway
> Can you distribute Mac software over the internet without signing it,
> thereby avoiding Developer ID and notarization entirely? Technically,
> currently, yes, although Apple has indicated that a future version of macOS
> may not allow unsigned code to run at all.

I don't mean to keep beating a dead horse on this subject, but why are we
acting like this is only a _possibility_? Apple is almost certainly going to
remove the ability to run unsigned code in the future.

A day or two ago I wrote[0] about the timeline that took Facebook from
guaranteeing that you'd never need to sign into an account on Oculus to
requiring a Facebook account on Oculus. Different company, same story.

We spent a long time having concerns dismissed, and then once everyone was
used to the idea and the uproar had been reduced to a manageable level,
Facebook did it. People get told that they're paranoid when they express
concerns about the future. Then those concerns turn out to be correct, but by
then the concerns seem less dystopian, and we've moved on to dismissing other
concerns even farther down the road.

I'm not going to find the other threads and articles, but:

Voice assistants: same story different companies. Concerns about recordings
leaking, being distributed outside of the company to 3rd-party contractors
were all paranoia until they weren't.

Facebook, again: same story different company. Facebook would need to be
stupid to use 2-factor phone numbers for advertising and promotion services,
the people worrying about that scenario were paranoid. Until they were proven
right.

Browsers: same story different companies. You can not run unsigned extensions
in Chrome. You can not run unsigned extensions in Firefox unless you are on
the beta-version developer branch. In both cases, even though Firefox
technically has an escape hatch, the effect is the same: normal users no longer have
the unrestricted ability to write software for their own devices.

I'm not going to argue that Mozilla's worries about malware aren't real, I'm
not even going to argue about whether or not they made the right decision
overall. BUT, anyone who thinks for one second that Apple isn't in a position
to bring up the exact same security justifications for removing unsigned code
from the Mac is fooling themselves.

We keep on taking these companies at face value, assuming the most permissive,
conservative version of their policies, and then using that assumption to
avoid talking about the real dangers of a corporate war on user-controlled
general-purpose computing.

When Mac signing came out, so many people were telling me that it was stupid
to object, because this was just about stopping specific malware. It would
never be used to enforce a ToS or directly punish another company. So when we
have conversations about Apple's dominance in the space, about what walled
gardens mean for Apple, we need to have those conversations under the
assumption that the most likely future is one where those same exact policies
apply to both Apple phones and Apple desktop computers.

[0]:
[https://news.ycombinator.com/item?id=24202879](https://news.ycombinator.com/item?id=24202879)

------
bencollier49
I have a 2015 Macbook, and for the last year or so I've known it'll be my last
Apple product. Perhaps in fifteen years when they've been displaced and have
made a semi-contrite return a la Microsoft, I might look at buying their stuff
again.

------
slmjkdbtl
What about cli applications / scripts? Why doesn't macOS seem to prevent users
from using those downloaded from the internet when they can also very likely
be malicious according to Apple?

------
ronreiter
The whole idea here is to protect the user. If it's important enough for you
to have your app signed then you will do it.

iOS does this in a much more violent approach - the app verification process.

~~~
iso1631
I'm the user, where can I disable this on my machine?

------
greatgib
It's hard for me to understand how so many in their right mind can spend
thousands of dollars to buy Apple stuff that is made to screw them and to
transform them into toddlers!

------
ineedasername
As I understand it, the article was referring to applications built with Apple
development tools. How does Gatekeeper treat applications developed in some
other way, say an Electron app?

------
pkamb
I would have assumed that double-clicking is functionally equivalent to
selecting “Open” from the context menu.

At least in Vista it was a separate command “Run as administrator”...

------
euske
This would make sense if Apple guaranteed that my machine is "more secure" with
this feature and offered some compensation or extra services for it.

------
Dahoon
And yet Apple is supposedly better at UI and UX than anyone else. I still
can't see it no matter how many times I use Apple software.

------
the_other
I wish Apple would apply this sort of security protocol to code which wanted
to fingerprint my browser and identify my kids’ habits on the web.

------
tflinton
Dear Mac, where the developer goes, your revenue goes.

------
kinglawrence
"Apple has indicated that a future version of macOS may not allow unsigned
code to run at all"

Anyone have a source for when Apple has indicated this?

------
irrational
The crazy thing is that I had no idea those dialog boxes have the malware
warnings. I just look for the buttons and click.

------
shuringai
software security 101: if there is an "accept the obvious risk" button, the
user WILL DEFINITELY CLICK IT. No matter how clear you make the danger, they
always choose potential malware instead of inconvenience. It's better hidden,
because otherwise that button would be the center of any social engineering
attack

------
sergiotapia
I miss the wild west of downloading random .exes and discovering new software.
Time to sandbox a win95 box?

------
rmrfrmrf
Now do this thought experiment again with MyTrojanKeylogger.app instead of
MyGreatApp.app.

------
sm4rk0
Can't you just use a PC?

------
saagarjha
> On macOS Catalina, Gatekeeper not only checks whether the software was
> signed by a valid Developer ID certificate, it also "phones home" to check
> whether Apple has notarized the software, again refusing to run it if the
> check fails.

Nit: I believe stapling is supposed to fix this issue.

~~~
lapcatsoftware
> Nit: I believe stapling is supposed to fix this issue.

No, even stapled apps phone home. The difference is that stapled apps can
still run if Catalina can't contact Apple (e.g., no internet), whereas
unstapled apps can't.

Look closely at the Gatekeeper dialog with and without your internet
connected.

~~~
saagarjha
…wait, what? Why is this designed like that? Surely downloading a revocation
list is not that onerous…

------
scoot_718
It hasn't been worth it to develop for Mac for a good while now.

------
guytv
Free computing is dead. Apple and Google killed it.

------
realistcake
It's good that at least one company these days still cares about protecting
its users from viruses and malicious software. I feel like most other
companies are just not doing enough.

------
classics2
It costs $349/yr to rent the magic number required to ship signed drivers for
Windows. $99 seems pedestrian by comparison.

------
justaguy88
Can't you just [give up on macos as a general computing platform]

------
fizzled
All of these people saying: switch to Windows, it's better than Mac!

Have you really done that? REALLY? Because I work on Mac, Win10 and Linux
every day. And Win10 doesn't even come close to the other two in terms of
reliability, stability, and lack of unnecessary bullshit.

I just don't understand who can make this claim that Win is better than macOS
with a straight face. Maybe for gaming. Maybe. The cost/fps is clearly better
for Windows machines, but Apple puts so much more thought into their OS than
Windows. Hell, Windows still pops a Win95 dialog for drivers. Come on, man.
Seriously? macOS doesn't have built in ads on the home screen. macOS has no
REAL viruses, and clicking on malware is even harder now than Windows.

Downvote me all you want, but I think a lot of people on this thread have
never even used a mac for more than five minutes, let alone developed on one.
HN monoculture is real.

~~~
lawl
> I think a lot of people on this thread have never even used a mac for more
> than five minutes, let alone developed on one.

I have when I started a new job and they gave me a macbook and said it's the
only option. After 2 weeks I told them I'll need a linux box asap or I'll look
for a different job.

It's in my opinion the absolute worst garbage of an operating system I've ever
had the displeasure of using and their window manager is a completely unusable
pile of shit. Their hardware doesn't have proper cooling and burns your hands
if you actually use your CPU.

People have different tastes and I really don't think you should assume people
haven't tried.

Yes, I too think windows is way better than OSX, but well I also think windows
is pretty shit. However, I wouldn't quit my job over having to use windows, I
would have for OSX.

~~~
hu3
I had similar experience. They gave me a brand new beefed up macbook. I tried
to like that thing. I really did. For months.

One day I just got tired of that thing overheating and being loud. Was given a
real linux machine to work with.

~~~
roboyoshi
What OS are you running on linux that makes the experience worth it over
macOS? I've grown up using macs and am used to the UI quite a bit. Have a work
machine (t580) and used Ubuntu and Fedora. Both have been quite challenging to
use with lots of Graphics Issues. Sure the thing runs everything I throw at
it in terms of docker/system-services/etc., but UI stuff is really ugly.

~~~
reportgunner
> _Ubuntu and Fedora_

> _but UI stuff is really ugly._

Have you tried a linux distro without an ugly UI? Ubuntu especially is a
horrid horrid UI.

------
arkanciscan
I don't understand how anyone with self-respect uses AAPL products. I guess
it's true what they say about fools and their money.

------
stevage
Personally, I don't think $99USD/year is an unreasonable burden for any
business selling software targeted primarily at the MacOS platform.

------
antipaul
Here is Apple’s calculus:

What fraction of unsigned app openings, across the entire world each and every
day, are safe?

If 99% of these events are unsafe, then such an experience seems warranted,
given real malware and security threats.

The question is, what is that fraction?

Folks may say I want my computer to be “open” but do you want it open in the
same way for your grandad and grandma?

------
oneplane
I'm not sure what the point of that page or posting it here is. This system
(and others like it) is neither new nor special. It's also not a bad thing,
and I haven't seen anyone come up with a better alternative.

Generally you see all major distribution options have signatures with a CA-
type trust structure no matter what you use, be it open-source, free or
commercial paid software. On Windows, macOS and at least all Linux distros
based on dpkg or rpm you have signatures and circumventing that requires a
bunch of steps that will prevent most users from shooting themselves in the
foot.

~~~
saagarjha
Question for you: what exactly does Notarization protect against? I have
watched all the videos about it, I read the developer documentation, I
notarize my apps because it is required by the OS…but I still have not gotten
a single good explanation as to why it's useful. Apple claims that the process
is extremely tolerant…so does it try to accept everything but blatant malware?
Does it let malware through? What happens if malware does get through? Why
does having build-specific certificates help security–is there any reason why
Apple would disable a single build of an app from a malware publisher?

~~~
crooked-v
> Apple claims that the process is extremely tolerant…so does it try to accept
> everything but blatant malware?

From what I understand, the most common use case here is to match against
known malware inserted into an otherwise normal release, either from an
infected dev machine or by way of an attacker coopting stolen credentials.
It's not going to guard against truly novel malware for obvious reasons, but
the vast majority of malware is a repackaging of stuff that's already out
there.

~~~
saagarjha
But Apple can already detect that using XProtect…

