The Untouchables – Apple’s new OS “activation” for Touch Bar MacBook Pros (onemoreadmin.wordpress.com)
152 points by daferna on Nov 29, 2016 | 71 comments


> It’s quite clear – Welcome to the future of Apple’s hybrid ARM/x86 platform

Meaning, in a nutshell, that we have two different system "loading" policies (the ARM policy and the x86 policy) having fun together on the same disk? Three if you count macOS and EFI as two different systems really.

So naturally this would make disk imaging complex. Seriously, why wasn't this documented (or better documented)?

I'm quite impressed with the author's polite tone. His list of unanswered questions is mind boggling.

[edit: perhaps not "mind boggling" ... maybe just alarming is a better term]

> questions is mind boggling

Becomes less mind boggling when you take this hint that Apple genuinely doesn't care about their machines being used in scenarios that require this anymore.

Another indication that Apple is no longer committed to professional customers of their computer line and their needs - iDevices get the required admin tools, but the target demographics for their computers are consumers and web dev shops where everyone tends to their systems.

I do not know why Google doesn't just come in and absolutely dominate Apple in the 'laptop geared towards developers'-market...

The Chromebook Pixel 2 is absolutely gorgeous, but it still comes with a prohibitively small SSD. They need to develop their own super-robust and sexy Linux distro and drop the ChromeOS nonsense.

I just can't figure out why they aren't doing this.

"I do not know why Google doesn't just come in and absolutely dominate Apple in the 'laptop geared towards developers'-market"

There could be many reasons. Off the top of my head:

* Google is not a devices company (disregarding recent forays into the high end smartphone market), but a services company. It's not in their DNA to do this, and it doesn't fit their (current) business model. They don't have the required hardware competences, nor the required sales or distribution organisations.

* Even if Google had the required competences to do this, it's highly doubtful that it's a worthwhile pursuit. The "pro" market is not big, it's probably not growing, and the competition is fierce. To the extent that Apple neglects this market, it's probably because the ROI is too low. To make hardware that seriously challenges Apple (and other PC manufacturers) requires large investments.

* It doesn't support Google's other businesses. Google is already present on all the existing platforms. They are not going to sell more ads doing this.

> The "pro" market is not big, it's probably not growing

Not sure I agree with that, when we're teaching everybody and their grandparents how to program, in order to compete in the "new economy."

Doubly-so for developing countries.

I would hope that the proportion of developers in the world should be increasing.

The real issue is that your conception of "pro" is off. The "pro" users Apple traditionally targeted were not software developers. Their laptops became popular among developers not because of the hardware, but because of a quirk of Apple's corporate history which led to OS X being a Unix under the hood, which in turn meant it was a computer you could do all your developer-y things on without the living hell of trying to run Linux as your desktop OS.

I agree with your statement, however, running Linux as a desktop OS is definitely not that bad anymore.

We may be talking about different things. I was talking specifically about laptops that are directly comparable with Apple's pro line (i.e. expensive). It seems doubtful that the market for expensive laptops will find much growth in the developing world.

Even if it should prove true that the proportion of high end users is expanding relative to the entire market, it will still just be a bigger slice of a smaller pie. The PC market has been declining for quite some time. That doesn't mean that there will not still be lucrative niches within that market, but does Google really strike you as a company that would or should go for a niche in a contracting market?

Developers are but a small portion of "pro." Also, the stuff being taught to everybody and their grandparents would do fine on 10-year-old netbooks.

Indeed, I learned CS on a 486 and the code I wrote ran mind-bogglingly fast on a Pentium.

> They need to develop their own super-robust and sexy Linux distro and drop the ChromeOS nonsense.

That would be great, but I don't think they have the expertise in-house for that right now -- they'd have to ramp up and that's a slow process.

Google wants to move you to the cloud. They can't ensure the data collection they need if it's regular Linux.

No one thinks there is much value in the developer market?

Their revenue comes from ads and cloud. They have 0 incentive doing anything for desktop OS.

A Linux distro that isn't 100% locked down and limited to infrastructure like Android and ChromeOS is a fuss and a nuisance to maintain, it takes expensive specialists, it takes money, and it invites security issues. And "developers" is a teeny tiny market.

They may be heading that way with Android given recent changes.

Also give me Photoshop because I work with PSDs plenty and I'm tempted.

Hell, give me the whole Adobe CC suite.

I'd be good with less corporate governance on the machine they issued me, more in line with what Google does. The Windows machines are unusable with all the forced updating, antivirus inefficiencies, and basically spyware. The MacBooks are on their way there, though you can at least still unload the kexts today.

> The Windows machines are unusable with all the forced updating, antivirus inefficiencies, and basically spyware.

Hardly ever had such problems on machines I was able to manage myself.

I'm not sure what you're referring to by "forced updating"; the W10 upgrade or just regular updates?

My company uses a product called LanDesk to manage updates on machines instead of WSUS. It pops up at least once a week if not once a day and says that I have to reboot. It gives me 60 seconds to choose to reboot now or postpone the reboot for 4 hours but you can only postpone 3 times before it automatically reboots. If you don't act in those 60 seconds, the system reboots. It doesn't matter if you were getting coffee or having a bio break.

It doesn't initiate the system shutdown command or at least doesn't wait long enough to allow programs like Outlook to safely shut down so I've had corrupted mail files that needed to be rebuilt because of it.

Furthermore, LanDesk has a vulnerability scanner and remote administration utility that are both always running. On top of that we use McAfee's virus and malware scanner and firewall. Cisco's Web Security Agent that monitors all network traffic. And a product called WebSense which as near as I can tell logs everything you do in browser.

We deal with PCI, PII, and HIPAA related information though and they pretty much require this kind of nonsense.

Idk, the whole Windows 10 "spying" and "forced" update policies seem insignificant by comparison.

Yeah, I've seen such stuff too, and I hate it. Such setups are part of the reason for Windows' bad reputation. IMO, too strong security measures tend to reduce security at some point, because users get annoyed and try to circumvent them.

A blank W10 installation with Avast is blazingly fast and quite reasonable with update handling. A lot has changed since Vista, or even 7 and 8.

You listed the exact set of crap installed on our workstations when I worked for Blue Cross & Blue Shield...then you threw HIPAA out there and really sent it home. Do you work for a medical insurance company?

Nope, a non profit charity.

Are they referring to corporate policies/software forcing updates?

Yes. Corporate IT will install extra software on the machine which does this kind of thing.

On the Macs, there's an auto-updater which forces a restart with a countdown, no way to stop it. It's not by Apple for sure, based on how janky it looks, but terminating the process will prevent the restart. The worst is spyware which randomly spins up one of the CPUs to 100% for 10 mins every few hours while it runs du.

We get updates through a corporate AppStore and they function like normal Apple updates. I can choose when to install, etc. I found the software underneath (https://www.jamf.com/solutions/technologies/mac-management/). Sounds like a better UX than what you got stuck with.

The spyware on my personal phone so that I can read corporate email is pretty asinine though.

The "Fun Bugs" section is really concerning. So, if you set the date on a new MacBook Pro to 1/1/1970, your MBP will fail to boot, because the OS in your keyboard still has a bug that was patched in iOS, but not in keyboardOS? I must be misreading that bit, surely?

Nope, just tried it. The machine will boot, it just takes a long time (some timeouts at play, I assume). If anything, Touch ID not working if the system time is wildly incorrect makes me trust it more, rather than less.

Would I like the system design to be more open and better documented? Sure. But if a security feature doesn't work when the clock is set 45 years in the past… that is not concerning per se.

That doesn't sound quite so bad then, I'm assuming it's possible to login without Touch ID. Although it does make me worry about how usable the machine will be when Apple eventually stops updating/signing the TouchBar firmware.

So I can cause some serious economic damage around the Bay area by spoofing a few NTP messages?

From the article:

> Good news everyone: Mac imaging isn't dead... yet.

Also the article title doesn't mention breaking anything. So why does the title of the HN post say disk imaging has been broken?

Because the OP who posted this link was trying to be provocative and made up the link title.

Fixed - thanks.

For a company that targets Professionals, some Apple policies seem rather hostile towards them.

> targets Professionals

All we know is that there's a word "pro" in marketing materials (including product names). Who they actually target with that is Apple's internal affairs, and everyone should judge for himself whether it matches one's requirements.

Some people are fine with X limitation, but that doesn't mean they aren't "serious" users.

Some people find limitation X to be a deal breaker, but that doesn't invalidate "pro" status of everyone else.

>> targets Professionals

> All we know is that there's a word "pro" in marketing materials (including product names). Who they actually target with that is Apple's internal affairs, and everyone should judge for himself whether it matches one's requirements.

So nowadays Apple's "pro" is more like the "pro" in Playstation Pro.

More to the point, it's like the "pro" in iPad Pro.

Unfortunately, in this case the "pro" is the admin who has to manage the Mac fleet or the developer who has to use a Mac at their place of employment. This is all due to their widespread popularity as "pro" devices.

If Apple plays fast and loose with this as a marketing term only, when will this "pro" market open to competition? I suppose it already has, judging from this article.

Except it's not. At least not until someone starts making aluminum unibody laptops with Retina displays running some enterprise Linux distro in which everything on the desktop "just works" including printing and networking.

Printing and networking in Linux is a solved problem. HiDPI is going through growing pains, and some things for enterprises are better on Linux than macOS (have you seen what FreeIPA can do? You can have Kerberos+OTP authenticated VPN, for example).

What's wrong with all the PC laptops is attention to detail. Just have a look at the recent Dell XPS thread. I mean - coil whine? In 2016? Seriously?

Audio, monitor detection, battery life, etc. are not solved problems though. Linux is mostly fine, but there are still a lot of little things that make it "painful" to use on a day to day basis.

I admit that for the last few years my experience with Linux has been limited to T and X-series Thinkpads. On them, almost everything worked out of the box, including the fingerprint reader and WWAN networking. The only thing that I found not installed out of the box was tlp (power management daemon, it relates to the battery life you mentioned). After a 'dnf install tlp tlp-rdw' it was solved too and that takes care of the almost qualifier in the previous sentence.

The other issue I had with the external monitor was that the primary display for the login screen was the built-in display, not the external monitor (that's my subjective preference; after login, the arrangement was according to user preferences).

Both certainly not earth shattering. If other laptops or computers have more serious problems, that's an issue to be solved by their manufacturer. They are selling their wares to you, after all, why would you accept incomplete support?

Why Retina?

15" HP Spectre x360. UHD display. Option for double the max RAM in the new MBP. Several other nifty features, including an aluminum body and somewhat replaceable components without all of the glue nonsense you'll see in Apple products.

Good point. Frankly I feel like the retina screens hurt my eyes more than others. But it always seemed like one of the big Mac selling points.

I think by "professional" they do not really mean "power user" or "developer", but the stereotypically computer-illiterate user who happens to be a professional in a different field.

Exactly. They mean someone like a design professional who is just a usual computer illiterate user who knows Photoshop.

I would argue that "pro" doesn't mean "user in an aggressively locked down IT department."

I am a pro and I never need this.

Not all pros work in large enterprises, but a large portion of them do.

My employer (a 20,000+ employee healthcare system) issues me a MacBook Pro, but the client techs have to do heroics to manage it, compared to the Thinkpads that are normally issued. I'm happy to have the choice (I actually like the Thinkpad hardware better, but OSX is better suited to my workflow as a developer compared to Windows), but Apple certainly isn't making it easy. If they keep doing these sorts of shenanigans, it won't be long before I'm adapting my workflow to Windows 10 on a T460.

Yikes. As a professional, I'd never submit to someone else controlling the tools I use to ply my trade, and in my entire career I've never had to. Even when I've worked for large orgs (40k+ employees), Developers have always been root on their own machines, which were never managed centrally.

Do you seriously beg some tech to allow you to install the tools you need, or allow you to load kexts to instrument system calls for debugging, etc? That sounds demeaning.

No, I get root access. But I still need centrally-provisioned tools in order to access the VPN, email, etc.—basically, the non-development parts of my job.

Between this and the Windows 10 dual boot blowing speakers in the new MBP, I question the short term Linux viability on Macs, let alone the long term.

iBridge, eh? I can see where this is going...

The title of this HN post has been edited and does not reflect the article.

The correct title is:

"Apple’s new OS “activation” for Touch Bar MacBook Pros"

Yes, admins, please, the current title is against HN title non-editorializing policies.

I wonder how you can ping one of the admins. Will he respond if I do this:


or this @dang



(It's linked in the footer)

/u/dang maybe? Does this even work on here to begin with, since there is no real inbox?

I thought that duplicate links merge automatically?


Shorter this article: "Blindly overwriting the partition map the machine ships with has negative side-effects."

> We need a up-to-date portal with information regarding the future of mac management.

"mac management" is not in Apple's target market anymore. Actual professional usage ended with this mac laptop series.

Tell that to IBM, adding 1500 professional Macs a week.

By the end of 2016, roughly one in four IBM employees will use a Macintosh computer. The tech giant, which employs 400,000 people, bought and provisioned 90,000 Macs since it started to support Apple laptops in June 2015. It expects to have at least 100,000 Macs deployed by 2017.

IBM now has the largest enterprise Mac deployment in the world, and it is Apple's biggest business customer for Macs, according to Mac maker. Apple declined to provide details on the other leading enterprise Mac customers, but SAP, Kelly Services and Intuit are among the company's most recognizable clients. In total, IBM says it manages 217,000 Apple devices for its employees today, including those 90,000 Macs, 81,000 iPhones and 48,000 iPads.


Seems to me that if the OS can write the touchpad firmware, it's of dubious security value as a sort of "secure enclave" for fingerprint id or whatever else.

As long as the embedded SoC checks the firmware signature, it's not a problem.

My theory is that the reason the touch bar exists is that Apple needs to get rid of overstocked (or contractually overproduced) Watch SoCs.

Apple doesn't make design decisions based on redundant stock.

Besides, Apple Watch sold extremely well for its product category.

> Apple doesn't make design decisions based on redundant stock.

One would like to think that way.

All the (expensive and custom-manufactured) evidence backs up that thinking, so I'm not sure why you're being snarky about it.

iPhone 5c, iPhone SE, Apple Watch Series 1 etc. are evidence that Apple takes availability of stock parts into design considerations.

That doesn't imply that the Apple Watch poor sales theory is correct though

The iPhone 5c was an attempt at a "youth market" that didn't exist, but I'll agree it was cheap for them to make it.

However, the iPhone SE had 98% of the guts of the 6S in a smaller package. That's not a cheap or simple thing to do.

And the Series 1 Apple Watch had a better CPU. That's basically a different watch.
