Hacker News
Can't you just right click? (lapcatsoftware.com)
1169 points by bangonkeyboard on Aug 19, 2020 | 746 comments



This makes me wonder how open source is supposed to work on macOS. People seem to become more and more aware of it and even enterprises that insisted on support contracts can see that they can't get around open source completely anymore. Meanwhile Apple is removing the ability for me to have a pet project without paying an Apple tax.

If the message were completely transparent, something like "The developer didn't pay $99 for us to do a cursory check on them (or whatever it is that Apple does with that money), are you sure you want to run their software? [Move to trash] [No] [?]", then that would give the user the relevant information to make this decision, but as it is, virtually no mac user will understand what is really going on.

I also can't imagine $100 is easy to come up with in countries below level 4[1]. The OpenStreetMap Foundation recently introduced a way to waive the yearly £15 fee for OSMF membership if you have a certain number of map edits or otherwise contributed to the project. The OSM community seems to be quite diverse, but I can't imagine that Apple computers are less widespread than OpenStreetMap.

[1] https://www.gatesnotes.com/Books/Factfulness#incomegroups


I remember RMS saying that the GPL was updated because one "obvious" freedom was not so obvious -- you could meet all the requirements of the GPL, without giving the right to RUN the software.

GPL3 allows that. And looking backwards, apple shipped software that was GPL2, but would not ship software that was GPL3. As one example, bash and make all quietly stopped getting updates from apple when the GPL3 versions came out. (although apple sort of broke GPL with bash as it never shipped all the source for it -- missing the header file rootless.h)

One other point about these dialogs + the help message. You are required to contact apple to even see this online help. Apple deals itself into the equation no matter what.


as an ex-apple employee and long time developer, glad people start to see apple is an open source foo creating prisons of software to lure the obsessive brand fanatics and get a fee selling them as users to the other parties.

- in apple tech, the users are volunteer products where servicing them gets a myriad of monetization, notarization etc.

- hope open source starts to ignore apple platforms as a target at some point. Being "*nixy" and presence of "brew" etc gave the false impression apple is in the open source camp.


I would never develop against an OS like that. Far too many security risks. MacOS still has < 10% market share and I believe that number won't go up too much in the near future at least.

The level of rationalization of these lock in practices is just sad to be honest, fully neglecting how software becomes more accessible.

Even signed apps have been victims of malware attacks and I do think the check is primarily to ensure the developer has paid their Apple tax. It isn't that high, but I don't think I want to spend it. If it normalized, Apple will surely increase it and developers would have absolutely no handle to protest.


> I do think the check is primarily to ensure the developer has paid their Apple tax

I think the true reason for the check is not money, but control. They want to control what software runs on "their" platform. For historical reasons, they don't have that control on desktops/laptops yet (but they already have it on phones).


If you're developing in the right sector, MacOS has a market that's selected to be lucrative.

I don't think that's a particularly good thing, but it does explain how <10% market share can make such a big splash. Especially for more casual projects, IMO.


> glad people start to see apple is an open source foo creating prisons of software

People have been saying it since day 1 of the Apple App Store. It's called a walled garden and it should be attacked as the abuse of a dominant position it is.


But when a company makes such shiny and popular devices they seem exempt from any usual criticisms of hypercapitalism and near-monopoly power


Near monopoly power. We are talking about Macs still, right?

Oh I'm against this latest erosion of the ability to run whatever code you want on a Mac. This is one of the reasons I just got one of the new Intel iMacs, because I can see this coming on the ARM side. It's their product though, they legitimately get a monopoly on what features it has, and I don't have any right to tell them how to design it. That's histrionics.

There is a legitimate case to be made though as customers as to how we would like to see the product develop. I'm behind that effort 100%.


> Near monopoly power. We are talking about Macs still, right?

The problem is that there's only one Apple Developer Program for both iOS and macOS.

If you get kicked out of the developer program for reasons related to the iOS App Store, you're also kicked out of independent Mac distribution outside the App Store. You no longer have true independence on the Mac either.


Well, you're using someone else's products (dev tools, compilers, OS libraries) you buy and license from them under certain commercial terms. If you don't like the terms, don't buy them.

And to be crystal clear, that's the approach I am personally going to take. I carved off a TB partition and installed Windows 10 and WSL 2 on my new iMac and it runs like a dream. I still need MacOS, and I'll be installing Virtualbox for some stuff. If the Mac gets to the point where I can't run all the applications and tools I need, I'll miss the hardware and the OS and some apps, but I'll jump ship. I hope they listen to us, but I intend to ask and argue, not tell or coerce through legal action.


> Well, you're using someone else's products (dev tools, compilers, OS libraries) you buy and license from them under certain commercial terms. If you don't like the terms, don't buy them.

This doesn't tell the whole story, because terms change. Even open source licenses change. Apple added Gatekeeper to Mac OS X in 2012. Before then, it was a pretty open platform. And other companies such as Microsoft and Google have been known to follow Apple in some respects, so just because one platform has better terms than another at the moment doesn't mean the platform owners can't change their terms on a whim. Apple/Google/Microsoft have close to all of the OS market share on both mobile and desktop, so it's not like there are a lot of choices, especially in the consumer space.


They can't change the terms on a product they have already sold to you, but new versions of the OS and dev tools are new products with new features. If you want the new features, you can choose to accept the terms, but you don't have to.


On the user side, there are security updates. Yes, you can refuse to install OS updates that patch vulnerabilities, but obviously that's a big problem for the user. And eventually the vendor stops providing security updates altogether for the hardware.

On the developer side, you can't really refuse to use the new versions, because they are required to support your software for the latest OS versions, which is where your customers will be. So if you don't, you lose your customers and go out of business, which is not much of a choice.

It's untrue that updates consist of nothing but new features.


> If you don't like the terms, don't buy them.

Do that. I do so as well. But as a rule for society it seldomly works. Too few people are willing or knowledgeable enough to withstand the lure of their individual short term benefit as opposed to the collective cost of their action. I mean, this very feature we are talking about is itself a protection of users against their short term desire: "Let me run this application, I want to see the dancing bunnies" [1] And people fail to do so, even though the downsides are personally and sometimes very immediate. They could research who distributes the file, calculate the trade-off between the remaining uncertainty and the expected reward and come to a rational decision. Or they could just click! Just accept those terms and conditions. Just enter their credit card number on the apple developer product page to get to what they want. And that's what most people do most of the time.

It's for this coordination and collective bargaining problem that we need to regulate the shit out of anything that reaches a certain size.

[1] https://blog.codinghorror.com/the-dancing-bunnies-problem/


Well the other hypercapitalists sell a product that sucks and sure, it lets you run other stuff, but it absolutely tramples on your privacy and is still, for the most part, worse in all aspects. (and yes the keyboard issues were very close to tipping the scales)

I wish the choice was simple, but it isn't.


If only we had an operating system that we could install on our computers freely, right?

It is a shame that people are forced to buy a computer and not reformat the disk to install their OS of choice. It is a shame that we can not take the money that we could be saving and investing in open alternatives...


Yes, and I've used that other OS a lot as well

But it is not a panacea and it is not for everybody. And it has two main issues:

- developers don't care about stability and/or polish (just see the discussions on the trackpad ITT) "Oh but if you change library X to Y and reroute libinput and etc it might maybe work and maybe it will not break anything else"

- because of the former reason, not all (important) applications are available to the platform. I'm really glad that a lot of things are online now, but that doesn't solve all problems

I've lost count of how many times wifi was supposed to work "out of the box" in Linux and it didn't. (And no, it wasn't an issue with drivers or wpa, it was the stupid Gnome NM widget - if I configured it manually it works). Or some other stuff. And sure, there is stuff that works better even than MacOS.


Well... your choice is:

- windows 10 - no privacy, hello telemetry, cortana, etc.

- mac os - no freedom to do anything not allowed by apple

- Linux - polish / ui issues?

At least with Linux once I configure it right it works without issue and does everything I want.

Currently that means kubuntu 20.04, AMD GPU (or intel integrated) and laptops that say they support it (Dell/Lenovo) or self built desktop. (I used gnome until I hit your NM issue too and it did not allow me to move top bar to the right... switched to KDE)

I no longer have a fear of upgrading distributions/packages causing problems, nvidia drivers causing black screen after upgrade...


Do not underestimate how important polish and UI issues are to many people.


I know it is important, that and exterior looks of the hardware.

Still, I do not have UI issues and the polish is fine on Linux, was explaining how to get there.

Problem is people expect a 300$ Linux laptop to work like a mac usually... when you would need a similar priced dell xps or lenovo carbon x1 plus manufacturer to support Linux, like dell developer edition.


I agree. There are several distros (especially something like Elementary OS) that are pretty darn easy to pick up as a Windows user. I set up my very non-technical grandma up with Elementary OS and she loved it.

I don't think the obstacles to adoption are based on the merits of Linux (or lack thereof). The obstacles are institutional. Businesses don't want to adopt Linux because that's a risk, and most people know Windows/Microsoft Office. Average people don't want to take a risk (installing Linux/buying a Linux box) with a device that is a decent-sized investment for most people.


I have made multiple attempts to switch to Linux, spending days each time trying to customize it and get it how I wanted. And never did it ever approach the productivity and polish of macOS.

Certainly I have issues with Apple, but it's a simple cost/benefit calculation. Right now the benefits of macOS vastly outweigh the downsides for me.

Unless Apple's problems increase to the point of being unbearable (very likely to happen at some point) or the quality of desktop Linux increases significantly (unlikely to ever happen), I just can't justify switching. And I expect many, many other people are in the same boat.

My computer is a tool. Idealistic notions about free software are nice, but they don't mean anything if that software is worse than a nonfree alternative. Free software needs to be _better_ to win, and I just don't see that ever happening in the consumer OS space.


But you’ve only got that choice on an ‘old fashioned’ PC. We could reach a point where PC hardware is unavailable, because the majority of people have switched to shiny but terribly-locked-down devices that have far surpassed anything that a ‘legacy open platform’ can do in terms of performance


> At least with Linux once I configure it right it works without issue and does everything I want.

Until an update breaks it because some asshole decided to break an ABI, or swap out a fundamental system component with a different one, etc.

So I guess what you're saying is true so long as you never update anything.


Do you have concrete experience for that?

I have only 3 things I hit:

- NVIDIA driver updates (or kernel updates while using nvidia) - caused black screen... I dumped nvidia... these are due to crappy nvidia.

- Ubuntu deciding to remove old libraries/apps that are not maintained. That's fixed via docker or just keeping an old version.

- Major version upgrades (ubuntu 18 to 20) - here I just re-install and it's expected, I wouldn't upgrade windows 7 to 10 either...

Other than this I'm not sure what you are referring to? systemd vs sysvinit? (you only get annoyed by those if you are a power user anyway)

Note: I set up automatic updates packages every day and have not hit issues.


> Major version upgrades (ubuntu 18 to 20) - here I just re-install and it's expected, I wouldn't upgrade windows 7 to 10 either...

Why not? I've upgraded a few Windows machines from 7 to 10, and the upgrade has gone just fine, assuming there's enough disk space for the OS to store the upgrade files before it starts the upgrade. Similarly, I've upgraded Linux boxes (both Ubuntu and Fedora) across major versions. MacOS as well.

I don't know where you're getting this notion that an OS upgrade is a scary thing to do. In my experience, it's been a routine, if somewhat long process.


parents messed that up (clicked accept by mistake to a microsoft upgrade pop up when that was a thing), system no longer booted and had to reinstall...

Also, I'm old, maybe things have improved but I've had upgrades wipe my hard drive due to centos anaconda bug once (centos 5 to 6) other times it just did not boot (yay using encrypted boot partition but that's on me and updating grub fixes it)

Added benefit is it also forces me to check/update backups


> Do you have concrete experience for that?

Yes.

> NVIDIA driver updates (or kernel updates while using nvidia) - caused black screen... I dumped nvidia... these are due to crappy nvidia.

This is a legitimate dispute and I'm not really counting it because as much as I think Linux should have a stable driver ABI, NVidia are being needlessly obtuse.

> Ubuntu deciding to remove old libraries/apps that are not maintained. That's fixed via docker or just keeping an old version.

Which is not a simple task. Why can't keeping old software be simple? It is in sane operating systems. Hell, even Linux can do it right, as AppImage proves, but the Linux Desktop community is so hell bent on making everything as complicated as possible that they pretty much ignore AppImage.

> Major version upgrades (ubuntu 18 to 20) - here I just re-install and it's expected, I wouldn't upgrade windows 7 to 10 either...

Ubuntu LTS receives 5 years of support, but most new software will not be backported to the repository for anywhere close to that long in my experience and instead you're getting about 2 years. Windows 7 was supported for nearly 11 years and it was rare new software didn't support it for that entire time.

> you only get annoyed by those if you are a power user anyway

Precisely. Linux Desktop people seem to think that targeting people who only need a web kiosk is somehow going to make them popular, but if people who actually know about and need the features of an actual desktop computer don't like it why would they ever recommend it to anyone?


> Yes.

Care to share? I'm curious :)

> Which is not a simple task. Why can't keeping old software be simple? It is in sane operating systems. Hell, even Linux can do it right, as AppImage proves, but the Linux Desktop community is so hell bent on making everything as complicated as possible that they pretty much ignore AppImage.

Resources make it complicated (time/money/...). I wouldn't maintain another person's library that he doesn't bother with.

> Windows 7 was supported for nearly 11 years and it was rare new software didn't support it for that entire time.

You are comparing a paid product with something free. For better or worse new software works on ubuntu older versions as well, but you need to compile it or work to get it there. Or just upgrade.

I assume you can also switch to Red Hat which have paid support.

> Precisely. Linux Desktop people seem to think that targeting people who only need a web kiosk is somehow going to make them popular, but if people who actually know about and need the features of an actual desktop computer don't like it why would they ever recommend it to anyone?

My point there was if you are a power user you should be able to get it working, it's a skill that's very good to have. Other less skilled people don't hit it by virtue of not playing around.

The 'Linux Desktop' people that you say are targeting things for better or worse put in time to build free products, if you don't like some switch to others or contribute.


> The 'Linux Desktop' people that you say are targeting things for better or worse put in time to build free products, if you don't like some switch to others or contribute.

I did. I used to run Linux on 4/5 of my desktops and now that is down to 1/5, and only because I haven't turned that one on in 6 months. My complaints are made no less invalid by that.

Contributing to Linux Desktop is, in my considered opinion, a waste of time. The community is so dead set on doing things in the most convoluted and complicated ways possible that there is no hope for reasonable ideas.


what do you use now then and how happy are you with that?

I for one am the reverse, tried recently using windows and it just got in the way, plus felt like I was being spied on like old times under communism...

Tried last year MacOS/macbook but I can't even move the titlebar to the right... Plus Apple restricting everything I can do... Plus Macbook couldn't install Linux on it, crappy keyboard, overheating, easiest return I ever did.

Otherwise Linux since forever.


I used Lubuntu. I tried many other distros, probably several you never heard of, but Lubuntu was consistently the most tolerable.

I'm pretty much Windows-only at this point. It definitely has its flaws, and it is definitely getting worse as the new "lets make everything suck as bad as the web" culture takes hold, but I still find that it works with me much more often than against me which is more than I can say for the way Linux desktops work.


> why would they ever recommend it to anyone?

It is not a matter of recommending Linux or *BSD or anything else. It is just a matter of refusing to give in to closed software on the grounds of "convenience".

I don't go around telling people what type of software they should use, but I do expect technical people and the common developer to understand what a terrible trade-off they are making when they choose proprietary desktop. I find it hard to sympathize with those that complain about the abuse and developer hostility from Apple. They sold their souls to the devil for cheap and are now trying to bargain their way out of it?


Maybe you could give them the benefit of the doubt that they know exactly the trade-off they were making, and perhaps even wish they didn't have to go the route they did, but the alternative just isn't there yet?


If the alternative is not there yet and you are not helping build it, it is even worse!

I don't mind people that tell me they need, e.g, Photoshop to do their work. I do mind the fact that they don't contribute to any alternative. Just paying the subscription to Adobe and shrugging it off, instead of hedging and contributing to the alternatives? Shame on them.

Imagine 10% of every Adobe customer donating 10% annually of what they pay to Adobe to contribute to the development of an open alternative, we'd have hundreds of millions of dollars. How long would it take until Adobe would be no longer needed or at least playing against a more leveled field?

Even more in the case of the stereotypical web developer that uses a Macbook when every other tool they used is FOSS. Puts $2k on a laptop that will only cripple you and work against you and still think this is somehow good "User Experience"? To me this is like failing an IQ test.


> If the alternative is not there yet and you are not helping build it, it is even worse!

I have seen what happens when people try to help. At best they are ignored. As I've said before, it is my considered opinion that the community is simply not interested in making things better. I would be totally ok with that if they weren't also evangelical.

And also, there's only so much time in the day, some of us have higher priorities than building replacement software for stuff that already exists.


"interested in making things better" != "interested in making things the way I'd like them to be"

> there's only so much time in the day

Then contribute some other way instead of just expecting the "community" to accommodate you and your opinions. I'm pretty sure that you won't be ignored if you find the developers responsible for the projects you care about and spare 10-20 bucks their way alongside a list of the issues and proposed improvements.


> "interested in making things better" != "interested in making things the way I'd like them to be"

Same difference really if our opinions of what constitutes "better" are so drastically opposed.

> Then contribute some other way instead of just expecting the "community" to accommodate you and your opinions.

I have contributed both code and money to projects I think are doing good work. Sadly there are very few of them.

> I'm pretty sure that you won't be ignored if you find the developers responsible for the projects you care about and spare 10-20 bucks their way alongside a list of the issues and proposed improvements.

I can say with confidence that most of the projects I've donated to have given me absolutely no special treatment just because I contribute money. I wouldn't have it any other way really, issues are issues regardless and they should be fixed with regard to severity, not who has deep pockets.

Hell, that's probably one of the reasons things in Linux land are so ungodly complicated right now: FAANGs are calling the shots because they have the deep pockets.


> our opinions of what constitutes "better" are so drastically opposed.

I am not sure I follow. You mentioned somewhere else that Lubuntu was the one that gave you the least problems and that you are now using windows. Coincidentally, Lubuntu is the flavor that looks like the most with older versions of Windows.

To me it looks like your assumption is that anything that does not look like Windows 2000/XP is "worse". If you are starting from this point, don't be surprised if others disagree and ignore you.

(Myself, I've been using Xubuntu for the past 8+ years, but I am really not liking the direction Canonical is taking with snap. Perhaps I will switch to Debian + XFCE when I get a slow weekend but this has nothing to do with desktop issues. It's not perfect but the worst problem I can remember was related to get a blank screen after resuming from sleep, which I solved by changing the screen lock program)

> FAANGs are calling the shots

What the big companies are doing are related to the infrastructure side of things and have nothing to do with the desktop - perhaps except Google and their ChromeOS, but Google's ChromeOS approach is looking each day more and more like turn of the century MS and their "embrace, extend, extinguish".

Anyway, perhaps the issue is that you are conflating "Linux" with "Open Source Desktop" and expecting a central place to solve all solutions?


> I am not sure I follow. You mentioned somewhere else that Lubuntu was the one that gave you the least problems and that you are now using windows. Coincidentally, Lubuntu is the flavor that looks like the most with older versions of Windows.

> To me it looks like your assumption is that anything that does not look like Windows 2000/XP is "worse"

That's a very condescending conclusion to draw. I found LXDE less complicated and significantly snappier than alternatives that had their own Ubuntu derivative. I chose an Ubuntu derivative because Ubuntu has the widest range of supported software.

But hey, it all has to do with how it looks right? Thinking like that by the Linux Desktop community is why you guys still aren't taken seriously.

> What the big companies are doing are related to the infrastructure side of things and have nothing to do with the desktop

The desktop experience is not wholly separated from the infrastructure beneath it. The init system, the event subsystem, hardware management, network management, sound system, display server etc. are only abstracted in the leakiest of ways.

> Anyway, perhaps the issue is that you are conflating "Linux" with "Open Source Desktop" and expecting a central place to solve all solutions?

Unfortunately it pretty much is the only option that is even remotely viable. But mostly I focus on problems with Linux because it has by far the most evangelical community.


I am not going to be debating what exact problems you had, but I must be extremely lucky if all those years I never had any kind of showstopper critical issue that made me think "Ok, I can't deal with this and I have to go back to a proprietary desktop".

It's been at least since 2012 that I had installed Linux and couldn't connect a printer or scanner. Meanwhile my wife's laptop on windows asked to reinstall drivers every time she wanted to print something. Webcams? No problem. Wi-fi? No problem as long as I didn't try to use a chipset that was either too obscure or too new and unsupported.

The one thing that I gave up on having on my laptop is low-latency audio to connect a guitar and use software audio effect processors. But the way I solved this was by using a separate old laptop with a custom kernel dedicated to be my "guitar effect box". I still didn't have to give up my freedoms and I did not have to give up any functionality/comfort.

> But hey, it all has to do with how it looks right?

I believe you when you say that LXDE was snappier than the other Ubuntu alternatives, but were the alternatives slower than whatever version of Windows you have now? That will be very hard to believe.

So forgive me for sounding condescending, but you went with probably the most obscure and least popular Ubuntu flavor - the one that has probably almost no funding from Canonical and maybe a handful of developers interested in it. What were you expecting, exactly?

If Ubuntu was bad for you, maybe try Fedora? If you wanted a more knowledgeable community, maybe try Arch? Why instead of sticking with your preconceptions of how things should work, you ask what are the others doing that let them be productive on a FOSS Desktop? Why is it that upon hitting difficulties your reaction is to go back to the comfort zone of a proprietary and familiar system?

> only option that is even remotely viable

We must have very different thresholds for defining "remotely viable". From http://www.daemonology.net/blog/2020-05-22-my-new-FreeBSD-la... :

"Is FreeBSD ready for the desktop? Yes and no. Yes, in that I have a very nice FreeBSD laptop where everything works the way I want. But no, in that it took me two months worth of fiddling with this in my spare time to fix some of the "glitches" which arose; while there wasn't anything particularly challenging, I expect that most people would give up long before they fixed all of the issues I ran into. On the other hand, can FreeBSD be ready for the desktop? Absolutely. I've fixed the issues I ran into — and once we have FreeBSD 12.2-RELEASE with packages built for that release the process of bringing up a GUI will be much easier, as well. The biggest thing FreeBSD needs is to have developers acquiring laptops and carefully working their way through the issues which arise; the FreeBSD Foundation has already started doing this, and I hope in the months to come they — and other FreeBSD users — will publish reports telling us which laptops work and what configuration they need."


There are projects and projects, some I got ignored as well with patch and bug info provided, others reviewed/integrated in a few days (mozilla/rust) or told I was wrong and bugs I reported were fixed another way


> > Ubuntu deciding to remove old libraries/apps that are not maintained. That's fixed via docker or just keeping an old version.

> Which is not a simple task. Why can't keeping old software be simple? It is in sane operating systems. Hell, even Linux can do it right,

I've wondered about these things, and I think the true reason is that Linux is a source-compatible operating system.

Other OS's solve this by the boring and painstaking task of assuring binary interfaces are stable and remain working. They usually do this by hiring and paying people to do it.

Linux does all compatibility at the source level, and binary compatibility is a little hit or miss. The common way to fix it is to recompile a lot of stuff.

As one example, I installed ubuntu 18.04 and it should be Long Term Stability.... but I did an

  apt-get update && apt-get upgrade

and upgraded from a 4.x kernel to a 5.x kernel. I recall all the kernel dump stuff broke


Linux has really come a long way in terms of polish, support and stability. Give it a try again!

I use Linux Mint and love it.

MS Teams, Skype and a surprisingly good list of software runs on it natively.

A Hackintosh inside VirtualBox IS a pain to setup, but pretty cool when it works. Windoz inside VirtualBox works better than ever, thanks to MS new attitude on embracing Linux.. which is still hard to wrap my head around.


You are comparing circumstantial issues with fundamental freedoms being denied.

My point is that if you are willing to sacrifice your freedom for the convenience provided by the hypercapitalistic (sic, and lol at how pathetic this term is) companies, then don't complain about the lack of choices available.

> developers don't care about stability and/or polish

Try paying them just a fraction of whatever premium you paid for your iDevice. That might help.


In my experience, people who fight against things like NM do not know what they are doing, think it's still 1990, network configuration is still static /etc/network/interfaces and then wonder why their wifi/lte modem/dns/whatever isn't working and wonder why.


It was a fresh install


Does the fact that you think alternatives suck make apple have a monopoly? Sure they have a monopoly on your desires, but that isn't a big enough scale for laws to get involved.

There are alternatives out there. So it becomes really hard to claim anti-trust.


I think it’s really easy to claim anti-trust violations actually.

Apple already owns the customer because they’ve invested in the platform, but they’re not providing equitable access to software that other platforms are. This isn’t revealed to the customer though, so it’s not clear as a user that choice is being restricted in this way.

A lot of Apple’s practices have been legal up until now due to their minority market share in all markets they operate in - but what we see those markets as is changing. The App Store is a massive multi-billion dollar industry in itself that Apple holds and exploits 100% control over.

Whether or not a violation has or is occurring is for lawmakers to decide based on whether or not the App Store (or Google Play for that matter) constitute markets within the definitions provided by local laws.


Thankfully hyper capitalism's provided an alternative, Windows, Android, or linux, and pine.

I suppose if you're a socialist you probably don't understand how it all works without a government edict giving you instructions and making sure you and your neighbor have the same marginal product.

However, even without this edict, rest assured that you can make the change without the government allowing you to... Feel free to switch.


I get that you're just venting and that's fine. But were you to run any kind of open software movement and expressing public opinions, calling people "obsessive brand fanatics" would just antagonize them and not get you taken seriously.


To be fair, there are people out there that do indeed fit that description, though they are in a minority but tend to be pretty vocal, so it's easy to overestimate their numbers.


I don’t think anyone really had that impression, especially since most of the macOS Forge projects got spun off. But you can’t deny they made (and in many ways, still do) good UNIX machines.


> But you can’t deny they made (and in many ways, still do) good UNIX machines.

If you mean the hardware, it's OK I guess. It still lacks basic computer features like PXE booting (unless you count the proprietary "netboot"). You can't really install much on it or use it for anything but MacOS, which really isn't that great, IMHO. For the same cost as a MacBook, I got a really nice PC laptop with double the specs that runs linux flawlessly. I can also update the CPU, GPU, and RAM, which I can't do with a macbook.


Which model is that? It used to be that way up until 5 years ago or so in my experience, but it changed to be “comparable specs with comparable price” - except that the options from Apple are very limited.


Lower spec model is comparable price but higher spec model or CTO option is still expensive. (iMac 27 is exceptional for the display)


> For the same cost as a MacBook, I got a really nice PC laptop with double the specs that runs linux flawlessly. I can also update the CPU, GPU, and RAM, which I can't do with a macbook.

My go to Laptop these days is the Lenovo ThinkPad X1 (either carbon or Yoga) very nicely built with a great keyboard, I hardly (if ever) heard the fan noise and except on a couple of models where the fingerprint driver isn't present, it works flawlessly ootb with Linux.

https://youtube.com/watch?v=v6X1-DxXBEs


I'm still wondering what Lenovo were thinking when they came with Gen8 X1.

They used Comet Lake instead of Ice Lake - that results in things like HDMI port supporting only 1.4 (i.e. no 4k@60 there). It makes their current non competitive with 2020 XPS13 or 2020 MBP13, that do come with Ice Lake.


Why should they have been?

That was wishful thinking from the get go.

No commercial UNIX was ever on open source camp, in fact they are the very reason why GCC was ignored for several years, it got a bunch of helping hands as Sun started the trend of user and development UNIX versions.

Also given NeXTSTEP heritage, UNIX on NeXTSTEP was always a means to have a foot on the DoD UNIX requirements, there was nothing open source about Renderman, Lotus Improv and many other NeXTSTEP based tooling.


AFAIK, you don't have to ship the source to be GPL-compliant, you just have to provide it upon request.


Nitpick: Not really. What you have to do is provide an offer for source code; accompanying the program, not after the fact. If anyone has not provided such an offer, they have already broken the GPL.


Also, the offer is open to any person. This is so that other people with copies of the program can fulfil their obligation by passing on the offer too. So maybe you make one GPL program specifically for Bill, you give it to Bill, and you write Bill the offer, never expecting him to care about the source code.

Six months later a teenager from a country you didn't know existed sends you an email - and the teenager would like source code please. They are legally entitled to that source code because of Bill's offer.

The written offer rule is deliberately the worst case. You should never choose GPL "written offer" with the expectation that this is reducing your work load or whatever, if you want least work just ship the source code with your program and fulfil the purpose of the GPL up front.


I believe the offer is for anyone you’ve distributed the program to. So if it was Bill who shared a copy of the program with the random teenager it would fall upon Bill to provide him with the source and not you.


Nope. The GPL expressly says "to give any third party". It's done this way on purpose.


My mistake. Thank you for the correction.


The offer only has to be given to Bill, but the offer must be valid for anyone, including anyone Bill passes it on to.


What does provide an offer mean in practice? A link or instructions somewhere?


“[…] a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.”

— GPL 3, Section 6, alternative (b).

Yes, in GPL 3, a link would be enough, but the link must be already provided with the distributed program, you don’t get to give the link only to those people who ask for it.

In GPL 2, a link is not OK, you must be prepared to send people the source code as “machine-readable copy”, “on a medium customarily used for software interchange”.


That's fine, as long as the user rights are passed along.

GPL software can be used for any purpose, you just have to pass along the rights you were provided if you redistribute it.


rootless.h is a missing system header, not a missing part of the Bash sources (the function it declares is part of libSystem.dylib; it is not part of bash). So leaving it out falls under the system library exception and does not violate the GPL.


What's in rootless.h?


It appears to be this:

https://opensource.apple.com/source/X11/X11-0.40/xc/programs...

But that’s for Apple’s X server, so maybe Bash’s is different? But I couldn’t find anything about that in a quick google search.


rootless.h in bash seems to be related to system integrity protection.

Don't know why Apple doesn't just devote 1 engineer to do something like homebrew or macports.

Their ROI just on hardware sales will be very high. Maybe all the unix guys retired or left and there are only round window corner xcode guys left.


Apple does have a handful of engineers working with/on open source projects; whether it is a part of their official job duties I don’t know. But it is much appreciated. However, to the person doing open source tarballs: please respond to emails and be quicker about uploading thankyouverymuch


> whether it is a part of their official job duties I don’t know

Certainly. From what I've read here on HN you basically can't publish a line of code (or even star things on Github) on your own, presumably for secrecy reasons.


By official job duties I mean "my manager has told me to spend half my time contributing to MacPorts" versus "my manager (and my manager's manager, and their superior, all the way up the chain to the top, plus legal) has allowed me to send commits to MacPorts even though I work on embedded platforms".


I don't know they don't ship it but bash is compiled with it.


So they're shipping a proprietary version of bash?


Of course not, that'd be a violation of the GPL. They ship their own fork/patched version of bash, whose source is on their open source page: https://opensource.apple.com/source/bash/bash-118.11.1/


So ... rootless.h does nothing? I can compile a bash without it that does exactly the same thing? That seems like it would contradict previous comments. What am I not getting?


It contains the declaration of a single function from macOS's libc. You cannot compile Apple's provided bash sources at all without it, but it's trivial to work around the missing header.


Prototypes for functions to check System Integrity Protection-related stuff.


Exactly!


> required to contact apple to even see this online help.

What's that about? The "macOS User Guide" is available online only?


The notarization check phones home before failing, which leads to the dialog. That may be what they mean.


Only if the notarization signature hasn’t been stapled to the binary.



OpenStreetMap treasurer here to jump on the tangent. Hi!

Apple's focus is on maximising profit, and ours is on maximising mapping and the width of our membership, especially after the entryism attempt last year ( https://news.ycombinator.com/item?id=19008792 ).

We've also recently received a non-profit signing certificate from Apple through our German local chapter, and two of us are working on getting JOSM automatically signed and notarized. Our workflow is at https://github.com/thomersch/josm/blob/master/.github/workfl... and a JOSM.app built yesterday can be downloaded at https://github.com/thomersch/josm/actions/runs/214334897 .


I'm happy for OSM, that's great for you and in turn the community. But what about small open source projects? One-person projects where the idea of having several people working on securing legal non-profit status and then acquiring non-profit signing certificates from Apple is for all intents and purposes impossible? And certainly not worth just coughing up the annual $99 fee (+tax) to Apple?

$99+ every year is a lot of money to an independent open source developer who's in most cases losing money for their work. The fact that a company worth $2 trillion is demanding it - it's really beyond outrageous.


Outrageous is the entitlement of the current generations for not paying for their tools.

Many of us used to pay for every single piece of software that we had to run on top of our already expensive computer around 2000 euros on today's money.


This is a nice example of what a logician calls a false cause: your conclusion (definition of outrageous) isn't supported by your premise (how much you used to pay for kit).

It's also a straw man, since I was talking about an OS developer wanting to publish their software, and you're attempting to sink it by portraying it as referring to a consumer wanting free stuff.

The subject of your conclusion, 'current generations', is also so vague as to be redundant. Current generations who are alive? Generations of 21st century? Of modernity? Of the West?

I'm afraid this is not a very good HN post.


Like 1000 euros per year for a MSDN Professional license, or the required certification from several vendors that have to be renewed every couple years.


You don't need to spend €1000 to develop for Windows. Visual Studio Community Edition [1] is free to use for individuals, even for developing paid applications. Even if you're running a multi-developer business, Visual Studio Professional can be had for far less than €1000.

What you're referring to is the top-tier MSDN subscription, which is something that very few organizations will require.

[1]: https://visualstudio.microsoft.com/vs/community/


Community has several restrictions for any business with more than 5 developers or more than a specific profit limit.


Right, which is why I was careful to state that Community was for individuals, and Professional was for multi-developer organizations.

This is in contrast with Apple, which requires you to pay $99 regardless of whether you're an individual or a corporate entity.


Yeah, but let's not forget that community also is relatively recent, having replaced the Express editions, which were worthless beyond learning purposes, as per license.


Recently tried to compile scintilla in visual studio, but gave up figuring out how to tune all settings in the IDE and compiled with nmake instead, the make file was very transparent and hackable with everything in plain sight.


A programmer isn't exactly a freeloader. He spends a lot of expensive effort to improve the OS vendor's worth. Microsoft figured this out correctly.


Or having to pay Red Hat for support to get access to their KB, get updates, and pay separate licenses if you want any of their premium software offerings. Or having to shell out for console dev kits and game engines. And the embedded software world is even worse.

The exception is being able to realistically develop for a platform without little/no expense. People really are spoiled by FOSS tooling.


That's the exact purpose of all the FOSS tooling -- to make tools free, so more things can get created? Make all FOSS paid and enforce the licensing and you will bankrupt a lot of small commercial companies that rely on them too. Then really a few giants will remain.


Imagine complaining about accessible technology. Corporations can't find the bottom of their misanthropy.


This is not about paying for a tool. This USD 99 is a tax paid to Apple to be allowed to distribute the software you wrote, regardless of which tool you used to write it. It could be written with a free tool, it could be written with an expensive tool, it doesn't matter; everyone who wants to distribute software to run on macOS has to pay that tax.


You sound like the people against student loan reform because “I had to pay mine back, why shouldn’t they”. That’s peak entitlement, demanding others suffer because you did.


That's just jealousy


Peak privilege, maybe?


Entitlement is wanting stuff for free, quite the opposite.


It's not entitlement but it is harmful jealousy.


Your perspective is limited IMO. For example, you have small tools like a save cleaner utility for The Sims 3: some person made this tool in Java in his free time and shared it for free with the community. Why should this dev pay Apple?

There are people that make visual novels, text-based games and other indie stuff (without using Apple tools; most are Python, Java or Web tech) for free or a few bucks. I think they would not pay the Apple tax and either not support Mac at all or link to some instructions to work around these limits while it is possible.


Especially since Apple should _want_ you making free tools for their platform, it directly increases the value of their systems.

How many people stick with iOS because of all the apps they like, which may not be available on Android.


Before Java was a thing, that utility would have been written in Turbo Pascal, Quick Basic, Visual Basic, C, C++ compiler, none of them available for free.

At minimum one would need the Shareware or PD disks tax to get hold of some similar compiler.


Hobbyists either used open source or some freeware compilers. The reason I mentioned Java and C# is that they are easy to use for simple tools and you can support all OSes. Around 15 years ago I bought a book about games and C++; it had a CD with a free/gratis version of a C++ compiler (probably from Microsoft). I made some small games and shared them with my friends (I did not have to pay Microsoft a tax or ask approval).


There was hardly any open source on Amiga, Atari, MS-DOS and Windows 3.x worthy of use.


Programs in basic from those times: https://web.archive.org/web/20121021081826/http://www.btinte... and basic interpreter shipped in computer's ROM. Also https://en.wikipedia.org/wiki/SpeedScript


Or use a free (libre or gratis) compiler. GNU Compiler Collection was released over three decades ago, or the BSD licensed Portable C Compiler that was initially released over forty years ago. As for Basic, many operating systems had a Basic interpreter or compiler built in.


When it became something usable on PCs we are already talking about past Windows 98.


I learned programming on MS-DOS with DJGPP, which is basically the GNU Compiler Collection (and lots of other GNU software) for MS-DOS. It certainly was usable (and included two free IDEs: RHIDE and Emacs), it was as good as GCC on Unix except for the lack of multitasking (which is what led me to Linux). This was long before Windows 98; the earliest DJGPP I can find is from 1994, and I had already migrated from DJGPP to GCC on Linux before 1998.


It's not a mandatory tool so not a "tax".


> Outrageous is the entitlement of the current generations for not paying for their tools.

Sure, but in the case of an open-source developer working on macOS, he has already paid for his operating system; if he is using GCC, he has already paid everything the GCC developers require; why then must he pay extra money to Apple in order for other people to run his software in a straightforward manner on their machines (or, in the future, at all)? How is Apple even a party when two people wish to transact, when one writes and compiles free software on his hardware (paid for) and software (paid for) and the other runs it on his hardware (paid for) and software (paid for)?


Because traditionally compilers for a specific OS were extra pay.

Ironic that you mentioned GCC, it only came to be because Sun made their development tools an additional payment to the base Solaris price.


You do realize the first thing most admins did after installing Solaris workstations was to install the free BSD utils?


No, because I did UNIX administration during late 90's and that wasn't a thing.

DG/UX, Aix, HP-UX, Tru64, Solaris, and some Linux boxes ironically not considered serious enough for production deployments.


Historically free software follows proprietary software because proprietary vendors can't contain their greed and mandate free software, it happened to GNU, git, nextcloud, many times over and over.


This isn’t about not wanting to pay. It’s about being forced to use a tool in spite of much better possible alternatives. If apple allowed SSL-style certification, I’m sure cheaper and better alternatives (similar to LetsEncrypt) would prop up.


Interjecting a side note - while you're here.... a building near me was a pub 15 years ago, then it was empty for 5 years, until it became a convenience store. It's still listed as a pub, 2 years after I, and others, have sent corrections. I'd love to love OSM but....

Apologies for the hijack...

Back to the main issue with right click.....


OSM works like Wikipedia. There's no company looking at notes, it's just volunteers. You can also do the modification yourself, it's quite easy, you just need an account.

For that particular case, if you post the URL or location I can take a look if you want.


In which case I'll make an account!

Thanks for putting me right.

So there's no point (is there?) letting any old people send in corrections, and waiting years...?


Actually doing mapping ideally requires a bit more understanding than a map user might want to acquire. So it may make sense to provide a correction and then let people with more expertise apply their knowledge to the problem, rather than stumble about and maybe make more work for somebody else.

Perhaps you notice that (as a gross example too large to be likely) the big field a few kilometres away from you that's used to fly aeroplanes isn't labelled on OSM. You don't know much about maps or aeroplanes, but it's not on there.

If you go into an OSM editor and tell it that's an airport you're probably unintentionally adding false information. Because it probably isn't an airport, there's a good chance OSM cares exactly what it is, like maybe it distinguishes controlled and uncontrolled airfields, maybe it would prefer you label the area one way, and then also label any marked runway (perhaps there isn't one) separately. There's a Wiki full of instructions about the best way to label things. Sometimes there are also local conventions, maybe the Wiki says not to distinguish uncontrolled airfields, but in your area a convention has arisen to add a specific marker for them. All this is stuff that an editor ideally should know, but a random person who thinks "Hey why isn't this on the map" doesn't know.


This is all correct but I think the default map editor does a good job of guiding newcomers for simple edits, and also lets you tag your commit for review if you're in doubt.

For small corrections (such as changing a business from a pub to a store, adding a road, naming a street…) it's perfectly accessible to anyone interested.

For sure for complex edits (like touching important objects such as airports) it's better to make a note if you're not familiar with it.


In some regions you have active mappers looking more at notes, in other areas less. Also many mappers would want to verify before applying the note ... in the end you mostly have many volunteers with their individual intrinsic motivation.


It is useful to report problems as map notes on the website. Less useful than fixing it yourself obviously, but many regions have regular mappers that look through the notes from time to time. So it helps if there are regular contributors caring about the area.


OSM Notes are still useful. But the goal of OSM is a common owned geodatabase, ie a map. I hope eventually every person feels empowered and able to make simple map changes like this.


Many (often cross-platform) apps are no longer signed, so they throw up this warning–I assume that users of these have long since learned that the warning is just something they need to bypass. macOS-native apps have largely adopted notarization and the fee that comes with it. Open source command line tools do not need to be notarized.

Interestingly enough, it seems to be possible to notarize someone else's app, so perhaps it might be a worthwhile use of my developer ID to provide this service to people I trust but don't want to shell out money…


It's important to distinguish between Developer ID and notarization. Signing an app is done by the developer. Notarizing the app is done by Apple.

If you check the code signature of a Developer ID signed app, you'll see the developer's name and Team ID from the signing certificate. This guarantees the app was signed by that developer, as long as the developer has kept their private key secure.

First you sign the app, then you upload it to App Store Connect for notarization. It's an "open secret" that Apple has allowed any Apple Developer Program member to submit any app for notarization, even if the app wasn't signed by them. Apple really wanted all apps notarized. Whether Apple will crack down on this practice in the future, who knows.

The notarization "ticket" is signed by Apple, not by the developer. I've heard of developers who discovered that someone else notarized their app. But nobody else can put their "name" on the app except the owner of the Developer ID certificate. If you Developer ID sign someone else's unsigned binary, you're presenting it to the world as your own. But that's not the case with notarization. Nobody except Apple knows who submitted an app for notarization.
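
Added example, not part of the comment above and not Apple's or any project's own code: a shell sketch that reports separately the two facts the comment distinguishes, who signed an app (the first `Authority=` line of `codesign -dv --verbose=4`) and whether Gatekeeper treats it as notarized (the `source=` line of `spctl --assess`). The sample outputs, app name and Team ID are constructed placeholders, the function names are hypothetical, and the `source=` strings matched are an assumption about what recent macOS releases print.

```shell
#!/bin/sh
# Constructed sample of `codesign -dv --verbose=4 Example.app` (stderr text).
SAMPLE_CODESIGN='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Dev (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
SAMPLE_CODESIGN_UNSIGNED='/Applications/Example.app: code object is not signed at all'

# Constructed samples of `spctl --assess --type execute -vv Example.app`.
SAMPLE_SPCTL_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Dev (ABCDE12345)'
SAMPLE_SPCTL_UNNOTARIZED='/Applications/Example.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Dev (ABCDE12345)'
SAMPLE_SPCTL_UNSIGNED='/Applications/Example.app: rejected
source=no usable signature'

# signer_of TEXT: leaf signing identity, i.e. the first Authority= line.
# This name comes from the developer's certificate, never from notarization.
signer_of() {
    printf '%s\n' "$1" | sed -n 's/^Authority=//p' | head -n 1
}

# team_of TEXT: Team ID recorded in the code signature.
team_of() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# gatekeeper_state TEXT: map spctl's source= line to a coarse state.
# "notarized" only says Apple issued a ticket for this exact code; it does
# not say who submitted it for notarization.
gatekeeper_state() {
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Notarized Developer ID") echo notarized ;;
        "Unnotarized Developer ID"|"Developer ID") echo signed-not-notarized ;;
        "no usable signature") echo unsigned ;;
        *) echo other ;;
    esac
}

# report CODESIGN_TEXT SPCTL_TEXT: one summary line for triage.
report() {
    state=$(gatekeeper_state "$2")
    signer=$(signer_of "$1")
    team=$(team_of "$1")
    echo "state=$state signer=${signer:--} team=${team:--}"
}

# inspect_app PATH: run the real tools (macOS only) and summarise.
# `stapler validate` succeeds only when a ticket is stapled to the bundle,
# in which case Gatekeeper does not need to fetch it online.
inspect_app() {
    cs=$(codesign -dv --verbose=4 "$1" 2>&1)
    sp=$(spctl --assess --type execute -vv "$1" 2>&1)
    if xcrun stapler validate "$1" >/dev/null 2>&1; then
        stapled=yes
    else
        stapled=no
    fi
    echo "$(report "$cs" "$sp") stapled=$stapled"
}

# Run against a real bundle when a path is given and the tools exist.
if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
    inspect_app "$1"
fi
```

On a Mac, pass an app bundle path as the first argument; elsewhere the parsing functions can be exercised on the embedded samples.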


> learned that the warning is just something they need to bypass

Note that I'm not necessarily arguing that training people to click "yes, yes, continue..." is a good idea. Digital security is my day job and I totally see why Apple wants digital signatures for software. However, the message is opaque about what is really going on and just tries to scare people into buying "trusted" software rather than using free software: that developer fee doesn't pay itself.

> perhaps it might be a worthwhile use of my developer ID to provide this service to people I trust

I was thinking the same, we could pool the money, but figured Apple almost certainly prohibits that "for security".


Not only is the message opaque, but it is intentionally misleading. I know the security team at Apple occasionally has trouble coming up with good explanations of what is going on, but this message really can't be looked at in any way other than being misleading, sorry. And you are absolutely right that misleading messages like these train users to click through warnings.


How is it "intentionally misleading"?


"application cannot be opened" is a false statement. It can be opened, and the user can open it, but they won't tell you how because they didn't get their bribe.


Not the parent, but:

How does a certificate let "macOS verify the app is free from malware"?


If the signed software is notarized, and the signature checks out, then you can be sure that Apple did some malware-scan-like process to the app on their server at some point(1) and that the app you’re seeing is the same one they saw.

(1) and probably a manual review if the App under analysis was found to call into any but a whitelist of “safe” system APIs.

Without the code signing, you can’t be sure that the app you’re seeing is the same one Apple‘s servers saw. It might be a copy of the app that has had a virus injected into it (which has happened quite a few times recently in pirated macOS software.)


I think we all agree on what the security benefits are, because we know what’s going on. But Apple is telling users that they can’t verify it’s free from malware, implying that all notarized code is free from malware, which is a ridiculous claim to make, and discourages people from using excellent software that Apple, for whatever arbitrary reason they like, have decided not to notarize.


> implying that all notarized code is free from malware, which is a ridiculous claim to make

How so? Even if they don’t catch malware during notarization, Apple also reacts pretty quickly to invalidate a developer’s code-signing certificate if they use it to sign apps that contain malware (as soon as Apple is made aware of that malware-app, for which they maintain relationships with both major antivirus vendors and independent security researchers.) Your computer then receives the new Apple code-signing CRL in a silent update, and won’t run the app (or any app by that developer) any more. Even if you’re offline at the moment, and so can’t contact the notarization servers to find out the app has been denotarized, as long as you’ve been online at any point since the CRL was updated, you’ll be protected. (And where does malware come from? These days, 99% of the time, the network. So if you stay offline, you’re extremely unlikely to run into novel malware anyway. And if you’re online to receive the malware, you’re almost certainly going to have received the CRL update first.)

And sure, there’s a small period of vulnerability before Apple is made aware of new malware; but most malware infections are not from zero-day malware, but rather from malware that’s been going around for a long time already. (And I believe they also push ‘disinfectant’ logic in those same silent updates that update the code-signing CRLs, same as Microsoft does with Windows Defender. So the usual “join a botnet, hijack your browser” kind of malware can simply be reverted.)

Plus, there’s the whole System Integrity Protection thing, meaning that macOS malware can’t really do anything to permanently subvert the Gatekeeper infrastructure, since it lives in the “untouchable” root partition. (It could do something clever with a system extension, but as of Catalina you have to explicitly activate those in the Security preference pane; and probably, as of Big Sur, you won’t be able to activate them at all.) So it’s only people with SIP off (i.e. system extension developers; Hackintosh owners) who would even feel any sort of “deep impact” from any of this malware. Meaning that macOS malware authors basically don’t bother to try to “deeply embed” their malware into the OS, given that the process will only actually work on a tiny fraction of systems.

Anyway, all that being said: it’s not like Apple said they can’t “guarantee” that the app is free from malware, implying that signed+notarized apps would be guaranteed free from malware. They just say they can’t “validate” that the app is free from malware, implying that the apps that don’t show this warning have been “validated” by Apple—i.e. audited, to the best of their own abilities and current knowledge. Signed off on, like a home inspector signs off on a house. And that’s exactly the case. Apple has “validated” those apps. That doesn’t translate to some technical guarantee of safety, like running the app in a VM would give. It only translates to “you can trust this app to the degree that you trust Apple’s validation process.”

It’s exactly the same claim that Chrome and Edge are implicitly making when you download software through them on Windows: the software gets “validated” by Google/Microsoft as not containing malware to the best of their knowledge. It’s an antivirus signature scan, combined with a trustworthiness heuristic based on whether the developer was willing to sign their software. The only difference is that, in Apple’s case, the “antivirus scan” part happens on a server somewhere, asynchronously, rather than on the client. But it’s the same level of effective security.


I think an important corollary is that if a binary is signed and does turn out to be malicious, there's a path to comeback on whoever submitted it. The signing/notarisation process creates a chain of responsibility.



Because it says the binary is damaged/malware/sketchy and that is not correct.


It doesn't say that. It says that it can't verify the developer, and can't verify that the software is free of malware. It's just some arbitrary piece of software, could be written by anyone, and/or could be software that purports to be Word or Photoshop or whatever, but has been modified.

Granted, you could quibble with the details (does pointing out that you can't verify that it's free from malware imply that you could verify that it's free from malware if there were a certificate?). But calling the message "intentionally" (!) misleading?


> imply

> misleading

I... don't think misleading means what you think it means. Misleading statements (pretty much by definition) don't imply falsehoods. They "merely" "suggest" falsehoods to those who don't already know better. If they intentionally "implied" falsehoods then they would be called "lies", not "misleading".


One of the possible warnings you can get literally has "[App name] will damage your computer. You should move it to the trash" in the dialog that shows up. There's a bunch of these, all of them pop up for various GateKeeper/Notarization shortcomings, and none of them actually seem to ever really tell you what the problem was.


1) I searched the article for "damage" and "should move" and didn't find it, so either it was in a screen cap (but I didn't find it there, either) or you meant "literally" in the new sense of "not literally".

2) Apple documentation [1] says (my highlight) "The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly."

Is the claim that Apple is not actually scanning notarised software for malicious content?

3) Random unsigned apps presumably have not been scanned, and might contain malware. I still fail to see the problem, or what's misleading (and "intentionally" so!).

[1] https://developer.apple.com/documentation/xcode/notarizing_m...


I put quotes around it because that is the exact wording it uses: https://www.google.com/search?q=will+damage+your+computer.+y.... You may note that among the apps shown there is LibreOffice and somebody’s issue on GitHub saying they were getting it when creating their Electron app.


> Is the claim that Apple is not actually scanning notarised software for malicious content?

No, the claim is that just because Apple _hasn't_ scanned some particular piece of software for malicious content, that doesn't necessarily mean it _does_ contain such.

> 3) Random unsigned apps presumably have not been scanned, and might contain malware.

Exactly: they _might._ But popping up big hysterical warnings about it strongly implies, particularly to less technically well-versed users, that they _do._

> what's misleading (and "intentionally" so!).

Strongly implying something that is obviously not true, that's what's misleading. In fact, AFAICT, that is the very definition thereof. And unless they're putting stuff they didn't intend to say into the dialogs they pop up, then yes, it is obviously intentional. Is the claim that their dialog text is un-intentional?

> I still fail to see the problem

Two hoary old quotes (or is the first a proverb? Maybe literally, from Proverbs) come to mind:

1: Nobody is as blind as he who does not want to see.

2: It's hard to make a man see something he doesn't want to see, particularly if his salary depends on him not seeing it.

(Personally, I do data warehousing / ETL programming for a living; currently at the Finnish Social Security Agency.)


It doesn't seem like they verify every app to ensure it is free from malware. Since they respond in the affirmative if the app is signed (by not warning), it seems reasonable for a lay person to believe that an app that doesn't throw this warning is free of malware.


"The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly."

https://developer.apple.com/documentation/xcode/notarizing_m...


How many lay persons do you reckon will have read that?


It doesn't really matter because they already explained the justification.


They couldn’t verify it’s free of malware no matter how much scanning they do. That’s not quibbling with details, it is the fundamental claim that Apple is making.


Scaring people into buying software through the App Store is of course precisely the goal of the scary dialog.


> but figured Apple almost certainly prohibits that "for security".

I don't think so, the concern would be revocation, if someone does a bad thing and Apple pulls the cert your entire friends would lose access.

I wonder if it would make sense to do ring-based instead (r0 being most trusted)


In my day job, I work on a relatively large open-source non-GUI application.

macOS is becoming an increasingly difficult platform on which to release software. We're going down the notarization rabbit hole (which is a nightmare), but given that we don't fit on the App Store, it's very obvious that Apple doesn't want us on the platform.

My suspicion is that they will eventually charge $$$ for a "developer unlock" on Apple Silicon, a move that I think will make both Windows and Linux look increasingly attractive to developers.


If developers move from Apple to Windows because of this, they haven't learned from their mistakes.


Yes, I've found code signing on Windows is a lot more hassle than on macos. You still need to pay for the certs as well. The only distinction is the scary warnings on Windows come slightly earlier.


Which developers? There are plenty of us that don't care about UNIX.


Microsoft with WSL2 is pretty much ready to go for the jugular IMHO.


Windows Update 2004 made the experience even smoother on my XPS 15.


Unfortunately, it hasn't fixed the problem with running VirtualBox using the hypervisor platform/virtual machine platform (I forget which) while hyper-v is enabled: sha sums (and other hashes like whirlpool, md5, etc) don't work properly. Meaning I can't use wsl2 and VirtualBox. Or use the Android emulator and VirtualBox. And yes, this seems to be an obscure issue that's hard to research (`Intel SHA extension` and `/etc/gcrypt/hwf.deny` may help); I've had to look this up three times now because I keep doing it in private browsing mode or on another device/browser.

Don't mind me, I'm just annoyed that Microsoft won't add support for ssh-copy-id.


Same here. My terminal/neovim setup feels very close to what I run on a native Linux machine. A huge step up from WSL1, imo.


I agree. Coming from Windows, preparing an installer for macOS is insanely complicated, a huge consumption of developer time.


Please note that Apple's linker will automatically ad-hoc sign binaries if you aren't using a signing certificate so there is no impact to package managers or any other forms of building software to run locally. Xcode already automatically opts such software out of GateKeeper checks when built from the UI. Similarly adding Terminal to the Developer Tool category in System Preferences will do the same for anything you run or build there.

I should also note directly launching the binary inside the App bundle from Terminal bypasses the UI dialog. The assumption is you know what you are doing in that case.


You can run your own binaries locally because they do not have quarantine flags, not because they are locally signed.

You can also remove quarantine flags from anything you download and after that you don't have the right click option either.

For example:

    xattr -dr com.apple.quarantine ~/Downloads/Absolutely-Not-Malware.dmg


The comment you're replying to is confusing because it's been copied out of context from where it was originally posted, which was a discussion of a mandatory signing requirement on Apple silicon.


Thanks for the correction.

Yes I see now what you mean and with that background Xenadu02's reply does make a lot more sense.

Don't have access to an Apple Developer Transition Kit, so was not aware of the new requirements.


There's a segment of open source users who understand these messages and aren't necessarily dissuaded by them. I make an open source app for merging audio files in iTunes/the Music app. The userbase are people who are technical enough to install Homebrew, (generally) use iTunes scripts, and manage Gatekeeper warnings, but not so determined as to replicate the app's functionality with their own set of shell scripts. https://www.davidschlachter.com/misc/trackconcat


In addition to paying the Apple Developer Program fee, you as an open source or hobbyist developer are required to sign a legal contract with Apple in order to be able to code sign your software. This can be even more problematic than the fee.


>This makes me wonder how open source is supposed to work on macOS.

It isn't. Apple's view of the world is that computer users are non-technical consumers who need to be protected from others and themselves, and that Apple are the ones to offer that protection. Open source is antithetical to this view because it puts the responsibility on the user, which is the last thing Apple wants.

I can sympathize to some extent with this view. There's obviously a large (perhaps majority) share of computer users who it describes - just not small/independent developers/hackers. Those users are better served elsewhere.


I've got to say, I think your proposed message is considerably less clear than the actual one.

E.g., a reader would have to understand the perspective of the developer to even start to guess what that might mean. (Why would a developer pay or not pay $99 to Apple for verification? How do the implications of that affect my decision to run this program?) It would be pretty much meaningless to the average non-developer user.

I agree the price of notarization should be a nominal incremental cost. I don't know if there are many level 3 people doing MacOS development, but if so, there needs to be a cheaper price for them. (The numbers of level 1 and 2 MacOS developers must be practically nothing.)


Apple is an aspiration selling company.

>>I also can't imagine $100 is easy to come up with in countries below level 4[1]

Someone who is developing for Apple platform in specific, has already spent ~$1000 in devices. Say they couldn't afford to build explicitly for Apple[1], they instead develop for web using a Raspberry Pi and try to leverage smartphone capabilities using PWAs; Alas Apple throws in hurdles there as well so that your PWA doesn't function properly on Apple devices[2].

I get it, perhaps this is part of Apple's aspiration i.e. 'You should deserve to be part of the Apple ecosystem' which is enticing to its customers.

But what's overwhelming to me is, Apple's blatant hypocrisy.

Exhibit -1: Data

Apple calls Google by name, questioning its business model around data and proudly claims 'they chose not to do business with data'.

Then why does Apple advertise its products using Google Ads?

So, it's like 'I will call out dirty work, but I will use the results of that dirty work for my own advantage'.

Exhibit -2: Values

Apple claims itself to be the beacon of human rights.

a. We know Apple was included among list of other companies supplying user data for snooping in the documents highly regarded to be genuine.

b. We know Apple actively cooperates with an autocratic regime and its highly publicised 'Privacy features' aren't applicable there. But, Apple never includes 'USA only' when it advertises its 'Privacy'. Moreover, when confronted with proof of Apple's platform being actively used for exploitation of minorities, it outright downplayed/dismissed the impact of it.

[2]https://ionicframework.com/blog/is-apple-trying-to-kill-pwas...


> Someone who is developing for Apple platform in specific, has already spent ~$1000 in devices.

Ignoring the fact someone might have been given a Mac by someone else, or bought one second-hand for less, or that they might be working on a computer they don't own themselves, why is it that someone who can afford $1000 for a Mac can automatically afford another $100? Surely there has to be an amount that you assume they can't afford, right? If they can afford 10% more then why not 15%? Or 20% or 100%?

You're applying a sort of reverse of Zeno's Arrow[1] to affordability, and I think shows a distinct lack of understanding of how money works when you don't have all that much of it.

[1] https://en.wikipedia.org/wiki/Zeno%27s_paradoxes#Arrow_parad...


Also, it's $100 each year, right? I was also thinking that that can be a lot compared with a 2nd hand macbook.


I have two macs. Main is a 2013 macbook air which cost £999 (work bought it), so £140 a year. Second is my own mac mini from 2012 which cost £500, so £60 a year.

My main machine is a linux one. Costs nothing to write software on that of course.

I get the feeling that developers who 'came of age' in the last 10-15 years will slowly discover RMS was right all along.


>why is it that someone who can afford $1000 for a Mac can automatically afford another $100

Someone who has invested in ~$1000 specifically to develop applications for Apple ecosystem has to invest $100 to release the application, that is the overall context of my statement in that sentence.

>You're applying a sort of reverse of Zeno's Arrow[1] to affordability, and I think shows a distinct lack of understanding of how money works when you don't have all that much of it.

Cherry picking part of my sentence to make a statement, then claiming to throw insight about my understanding of how money works based on how much of it I have seems like using your own logical fallacy intentionally to make an ad hominem argument.


PWAs are terrible, but that debate has nothing on the real gem here:

> ...Then why does Apple advertise its products using Google Ads?

Congratulations, this cracks top 5 oddest Apple hater argument ever posted in this land of many of 'em.


Interesting to see PWAs being proposed as the ultimate alternative on HN all the time. Questions of quality etc. aside it's essentially Google's platform that they're pushing for via standards that benefit them and their goal of the web as a platform they control. While Apple wants dominance over their walled garden, Google wants total dominance over the web.


> PWAs are terrible

Why again? In the world of silos and proprietary platforms it's an absolute godsend that PWAs even exist.


You know, I grew up in the USSR. There were no western made cars, only soviet ones: Ladas (based on a 40-year-old FIAT), Volgas, the dreaded Moskvich or Zaporozhets. Volgas were for the elite and not really accessible for the ordinary citizens, so Lada was it. And it seemed to be a fine car—because you did not know any better. Yes you had to reassemble it yourself after you bought one to make sure it does not fall apart on the road, but otherwise they seemed fine. That's till the USSR collapsed and western old cars markets got accessible. Almost all soviet cars were replaced by the old, mostly German, ones. Why? Because people saw the difference. And they saw that even 15-20 years old Audi, BMW or Opel were still waaay better than brand new soviet crap. So yeah, there are things that may seem fine till you have a chance to compare them to the truly fine.


Hate is a very strong word, something which I wouldn't give a private business luxury of buying from me.

If you could give a justifiable answer to what you've quoted from me, I'm all ears.


Google has a functional monopoly on online advertising, so your options for online advertising are google and Facebook, or ad companies that primarily have scams. Seriously it’s just google, Facebook, and then things like taboola, and the most popular sites on the web are 100% google ads only.

Apple’s alternative to google ads is essentially no online advertising.


You forgot about your Apple watch and phone being made by tiny human slave robots in china.


It mostly doesn't. That is 20% because of bullshit like this and 80% because Apple deprecates, removes, changes and otherwise encumbers their operating system so much that keeping track of it all is a full-time job.


Could that be turned into a little funding opportunity?

"Here are the sources, here are the binaries, here you subscribe to get access to signed binaries that run without the scare quotes"


I've seen a couple projects do this by publishing a Mac App Store version. Completely identical to the open source release, but it pays the Apple tax to run without warnings, and it gets App Store-powered auto updates.


The developer who signs the software is thereby taking legal responsibility for the software, and taking the blame if anything is wrong with it. That's not a good risk unless you're signing for someone you trust completely.


It also might be tough to run as a business because it's quite possible the first time you sign someone else's malware, Apple's going to revoke the notarization of all the apps you've signed (which would be for other paying customers).

Not to mention it undermines the purpose of notarization, so if it became popular enough they'd probably just squash it.


That would be true for rubberstamping-as-a-service, a weaker version of running a rogue CA. But project maintainers getting themselves an Apple ID and recouping that cost + x (hopefully) via non-gratis signed binaries wouldn't have that problem at all. Or if they did (malware sneaking into their artifacts), a lost Apple ID should be the least of their concerns.

There'd even be a conceivable but unlikely scenario where some automated scan deep inside the Apple publishing pipeline would detect an otherwise undetected malware intrusion in some upstream dependency or badly vetted commit and thereby indirectly protecting the users of the unsigned copy, by acting as a canary.


How much does that actually change liability vs building and distributing unsigned? Signing has no legal implication other than lowering deniability. What's added is the contract with Apple. Is that such a minefield?


You can still disable Gatekeeper with:

    sudo spctl --master-disable

This removes all of these dialog boxes entirely.


I publish a CLI app for many platforms, including osx, on GitHub. Using the cross-compile feature of Go it just spits out a binary that Macs can run from a Linux build host. I don't own a Mac so don't see what my users do.

Does this change affect running unsigned binaries from the terminal?


I've never had an issue running binaries written in Go I've compiled myself. From what I've experienced, only appears to affect .app binaries.


> I also can't imagine $100 is easy to come up with in countries below level 4[1].

Apple has as low as 0% penetration in those countries. The market has solved this problem. They still use technology; there are alternative platforms. Android, Windows, ChromeOS, KaiOS, and desktop Linux (which has as high as 5% market share in India) are cheap to use and develop for. It was always going to end up this way. There's the brand for the haves and the brand for the have-nots. Although even people on welfare in the United States have iPhones, consider that they're still the elite in global terms.


> or whatever it is that Apple does with that money

What they primarily "do" is have an identity to sue or pursue in case of issues. That keeps everyone in line.


Aren't the new ARM macs going to support Docker in a nice way? Wouldn't that solve it? You can have what you want in your Docker, Apple can do whatever it wants (short of blocking Docker's essential capabilities of course) to isolate said Docker.


But then you have to use Docker. It’d be nice to have something like that on iOS where it’d be an improvement, but on macOS, it’s a step down in a sense.


Just like it worked on any commercial UNIX, FCC's rise to fame was thanks to Sun no longer offering Solaris SDK as free beer.


[flagged]


You can buy a Mac once. The fee is every year in addition to the cost for a Mac. You can even rent access to a Mac if money is really tight


You don't need a Mac to develop software for macOS.


Don't you? A few years ago I wanted to figure out how to cross-compile into macOS without ever actually using macOS. Is that possible now?


Many POSIX-y applications will mostly work on macOS, to the point where you might ship in a package manager or something and can probably help with a segfault or two but have never touched a Mac.


I know Rust specifically supports compiling for Mac from Linux.


Doesn't rust support cross compiling to/from any supported platform?


Yes but details can get in the way. While every compiler is a cross compiler to any platform, that doesn’t mean that the platform libraries are available or that there’s a linker. For example, the MSVC target uses link.exe, and that only runs on Windows, so cross compiling to the MSVC target doesn’t work in practice even if it could in theory. You can cross compile to the GNU target for Windows though.


Open source projects sign their Apps like anyone else. Works fine.

They do the same on Windows of course and on Linux package managers.


Is there any Linux distribution charging a yearly fee for package signing?


Android? (Mostly joking, but it is Linux-based even if not a regular distribution and iirc Play Store "vetting" costs money as well.)


I don't think F-Droid costs money


Android is a one time $25


In my experience, open source installers for windows are mostly not signed. But windows has a button to let you run them though.


Windows 10 also does its best to try and stop users from running unsigned code, by making the UI complicated.

When Windows 10 finds an unsigned installer it shows a dialog with a Don't Run button and as the name suggests clicking that button does not run the installer.

To run the installer the user needs to first click on the More Info link which will then present the user with an option to Run the installer.

Here's an example: https://www.zeusedit.com/images/zeus_install.png


Windows signing isn't centrally managed through Microsoft, which is an important distinction I think.


IIRC, the CAs Windows trusts charge absolutely ridiculous amounts of money, unless something has changed recently.


Which CAs are available for Windows, and how much do they cost, out of curiosity? Not a Windows developer.


Certificate Authorities trusted by Microsoft for the purpose of Code Signing would need to issue you a certificate with the appropriate EKU (Extended Key Usage, saying this is for Code Signing). Technically a user could add some CA you spun up for this purpose to their Windows install, but if you're going to all this bother you could just get them to click past the warning of course...

The CCADB can tell you which CA roots are trusted by Microsoft for this purpose:

https://ccadb-public.secure.force.com/microsoft/IncludedCACe...

You're looking for a CA which has Microsoft Trust Bits including Code Signing, and Microsoft Status of "Included"

Price: A couple of hundred bucks per year. Vendors with very well known brands like DigiCert's "Symantec" brand (famous despite the fact Symantec actually ran their CA so terribly they ended up selling the brand to DigiCert... the CA they'd operated was distrusted) maybe $500 a year and higher. But your users don't care about the brand, so pick a cheaper product like Sectigo's; they work just the same.

It's a little more expensive if you want "Extended Validation" aka "EV Code Signing". If you write Windows kernel drivers you need this, otherwise it might only make the UI shown to inquisitive users nicer so don't bother unless you hate money.

NB. Yes ISRG (the people behind Let's Encrypt) are trusted by Microsoft but no they aren't trusted to provide Code Signing certificates, even if they wanted to, which they do not.


My boss doesn't want to pay for a certificate so now all my Windows 10 users (we still have some Win 7 installs out there and even a couple XP) never update my ClickOnce apps.

And this is why out of spite I developed "ClickTwice". It's certainly not as good as ClickOnce but at least I ensure they use the latest version of the apps I dev.


I paid $240 for a four year certificate in 2017. I think the maximum length is three years now though.

KSoftware has a really good reputation.

https://www.ksoftware.net/


I’ve been using Tucows for many years. They resell Comodo code-signing certificates for ~75$ / yr (less if you buy multiple years)


Most CAs can do this. It's not restricted.


Certum seems to be reasonable for open source code.


Who pays the apple tax?


Anyone who volunteers. Same answer as "who writes the software" or "who buys the development hardware".


Like all other legitimate software on MacOS; they get a developer account and distribute it via the app store.

For years, Windows got laughed at by EVERYONE because there was so much malware on it - in part because of its laissez-faire approach to letting the user install anything from anywhere.

Mac went for the closed garden approach and there's hardly any malware, adware, scareware or whatever -ware you can think of on the platform, which is one of the reasons why Mac is safer and considered to have a better user experience.

Curation is not a bad thing. And if an open source application wants to become popular for the masses - not the HN power user crowd, which represents only a small percentage of potential customers - they have to conform to its rules.

Likewise, they will want to be available through the Windows store as well.

Using the tools and platforms offered by the OS developers is the lowest friction option for installing software.

As for poorer people and countries, isn't this where the open source charities come in? Isn't this where the big FAANGs - including Apple - and the investors and everyone that earned billions off of software should come in? I mean come on, it's only $99.


The substantial lack of malware in the Mac world pre-dates the Mac AppStore, and numbers have not changed significantly since the introduction of that and/or Gatekeeper.

Gatekeeper is a commercial boiling-frog lock-in strategy sold as a security feature nobody asked for.

> open-source charities

Open-source, as a term, was invented in order to sell what was then called Free Software. It has nothing to do with charity.

> Curation is not a bad thing

Apple does little or no curation on the Mac AppStore, because the amount of developers using it is still relatively low.


> ... in part because of its laissez-faire approach to letting the user install anything from anywhere.

This comment makes it seem like installing software outside of a curated store is responsible for security issues, but this is exactly what Linux and other like OSes do. You can install apps from anywhere and I'll wager you'll find less malware, adware etc. for them in the wild, than the Mac. Granted usage of these platforms as a Desktop is way lower making it a less attractive target for bad actors, but much of it owes to inherent OS design.

> And if an open source application wants to become popular for the masses - not the HN power user crowd, which represents only a small percentage of potential customers - they have to conform to its rules.

Open source applications have been popular with the masses way before the curated store app store model came into place. Publishing on an app store has a good chance for increasing outreach, but it should not make distribution and installation of applications in the classical way more cumbersome, should the user so desire.


Most standard Linux repos are highly curated, with even distro specific patches and stuff.

The difference is that there is no rent seeking and you can choose your curator.


> As for poorer people and countries, isn't this where the open source charities come in? Isn't this where the big FAANGs - including Apple - and the investors and everyone that earned billions off of software should come in?

It would be hilarious if Facebook, Apple, Google, Microsoft, Amazon, Netflix, etc. decide to start a charitable foundation which just deposits $99 checks into Apple's bank account. They should do it. I wouldn't be able to stop laughing.


>Curation is not a bad thing

Curation, in the sense that Apple uses the term, is a bad thing because it creates a false sense of security. It blurs the line between protecting users from security threats and protecting Apple's business interests.

If Apple was truly interested in protecting users, they would keep these things separate as much as possible.

But they're doing the exact opposite. They keep mixing these things up as much as they can in order to shield their questionable business practices from scrutiny.

On top of that, the iOS side-loading ban is clearly aiding and abetting human rights violations.


> Like all other legitimate software on MacOS; they get a developer account and distribute it via the app store (...) I mean come on, it's only $99.

So small utils and stuff, smaller open source projects etc. are not legitimate? Or should they shell out $99 extortion fee to have the pleasure of giving stuff away for free? This is just one of thousands cuts that will kill traction for Mac software.


You know that you could install on mac anything you wanted before appstore, and they were similarly malware free as now with appstore


What about Android vs iPhone malware levels? I believe there’s a lot more Android malware than iPhone/iPad.

I mention this since these stores are more comparable in size than Mac v Windows.


And yet people would vomit blood being asked to pay $99 for an app.


As you say it already worked great for preventing malware. No reason to make changes like they are doing.


It seems like the right balance. As the author says:

> As a Mac developer, it's nearly impossible to run a viable software business when this is the first-run experience of new customers. You'll never get any new customers! This is why every Mac developer I know signs up for Developer ID and ships only signed, notarized apps. It would be financial suicide to do otherwise.

If you have hung your shingle out to make a profit, then the developer account, signing, notarizing, etc. is a cost of doing business, and you can easily justify it. The more customers you get, the more money you get, so you are motivated to reduce the first-run friction.

If you are not in it for profit, you probably have a lot more tolerance for a little first-run friction, and having users drop out of the funnel. Fewer users does not affect you financially. As a hobbyist programmer, I wouldn't care. I'm just releasing a program--not looking to dominate a market.


I appreciate this view except for the last point. As a hobbyist programmer, I am not "just releasing a program". I am usually "helping solve user's problems". And if my solution requires users to go through even more problems before they can use my tools, that's problematic.

I don't need to make money on my side projects. I do, however, want to help people. If I can't help people on a Mac because of the install friction, then it isn't worth my effort to create a MacOS port of my software at all.


> the developer account, signing, notarizing, etc. is a cost of doing business, and you can easily justify it.

But what if I'm not doing this for profit? Can Nirsoft or Mozilla apply for a waiver? Can I? We may not be looking to dominate the market, but it would be a shame if our work just went to waste because people would rather pay for something crappier that is closed source rather than our free (as in freedom & beer) software.

(Yes, Mozilla is a huge project where it isn't worth employee's time to apply for a waiver, I just needed at least one name that people know is a non-profit software developer as an example.)


I would generally like my open-source software to not be marked as malware.


I would generally like my software, regardless of whether it is open source or not, to not be marked as malware when it is not malware.


Sure, but I picked that specifically because it seemed to be what the parent comment was talking about.


Is there any automatic way to tell your software apart from malware?

Because that's part of what this mechanism tries to provide...


> Is there any automatic way to tell your software apart from malware?

There is no universally agreed-upon definition of malware. One man's operating system is another man's malware. For me, an operating system that "calls home" for each new executable you compile is a crystal clear case of malware. In the case of this article, then, the only malware in question is macOS.


Plus like this little thing by a guy named Turing…


If an Apple engineer were to compile a variant of Apple’s notarization algorithm where ok means no and no means ok, would the resulting binary notarize its own source fed into it?


Well, if the mechanism is e.g. a blacklist of APIs that shouldn't be used, and a blacklist of known malware hashes (as is the case), then Apple's "is this malware" routine could trivially print "no" for itself.

Sorry to the grandparent, but this is nothing like the halting problem...


This already exists and it is called XProtect. My question through these threads has been "why does notarization exist" and I am still trying to understand why it does, because every answer I have been given simplifies down to "here is a reason that it should exist…wait, that's just what code signing or Apple's built-in MRT does already".


Nothing is calling home when you run a new executable. You're not understanding how gatekeeper works. It works entirely offline without network access.


Dude, just try it.

Close your browser and monitor your network traffic. Compile a hello world with a unique text string. Run it. It calls home the first time you run it. Then it doesn't.

If you are not connected to the internet, it does not call home indeed.

Here is a concrete description of this experiment: https://sigpipe.macromates.com/2020/macos-catalina-slow-by-d...

I just reproduced it on a newly installed macOS 10.15.6


>There is no universally agreed-upon definition of malware.

Doesn't have to be. Just the common user's definition is OK.

>For me, an operating system that "calls home" for each new executable you compile is a crystal clear case of malware. In the case of this article, then, the only malware in question is macOS.

Which is neither here, nor there.


In theory no, that's impossible. In practice, I publish checksums on my website and people trust that I am not malicious.


I'd rather also have a party in whose interest it is to not get malware on their operating system confirm your claim that your software doesn't contain malware.


> I publish checksums on my website and people trust that I am not malicious.

Users who know how to verify checksums know how to work around unnotarized Mac apps.


It would be nice if the OS automatically verified these checksums. That would have been a nice OS X feature, but instead Apple ignores the verification process that already exists and invents their own, with themselves in control.


>with themselves in control.

That's the whole idea to protect from malware. You don't want the software publisher (which could just as well be a malware publisher) in control.


>In theory no, that's impossible

It's impossible in the general "is this file malware?" case.

It's totally possible in the "is this file a copy of known malware?" case.


The thing is, your friendly scammer could also publish checksums on their website.

It is clear to you that you're writing fine open source software, not malware. But how is the consumer supposed to tell?

If people trust you, why bother with the checksums? (Over HTTPS, the downloaded content cannot be tampered with. If someone tampered with the content on your website, or performs a MITM, they can also replace the checksums.)


The checksums are there if they happen to grab the binary in some way that is not "using HTTPS directly from my website" and they'd like to check. Why do they know I'm not writing malware? Trust in my software, mostly? It is unclear that notarization actually stops malware–Apple has failed to explain how it helps, but enforces it by decree.


Pretty easy to figure out what's going on:

1. You submit your app bundle and your credentials to Apple for notarization.

2. Apple records your information and goes through each library, framework, and your code, checking the code signing info and "fingerprint" of each for known malware.

3. Apple issues the ticket for stapling to the app bundle.

Now say, for example, that libffmpeg-0.1.2-beta2.dylib is found to mine cryptocurrency:

1. Apple goes through their database and finds the app where the malware was reported.

2. Apple marks that fingerprint as malicious.

3. Apple now flags any other apps that use libffmpeg-0.1.2-beta2.dylib (by checking the fingerprint) and disables any versions of any app running that version. Additionally, any other attempts to notarize apps with the malicious dylib are rejected.

Notarization provides 2 major benefits for devs that I can see:

1. Apple doesn't need to revoke your entire certificate just to block one version of an app.

2. Apple's audit trail of who notarized the app (and from where) prevents cases where stolen credentials result in a DoS of the victim (e.g. your account being locked, your name and address permabanned, and funds frozen).
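
A toy model of the flow the comment above describes (fingerprint every component at submission, later mark one fingerprint malicious, block only the app versions that contain it), added here as an illustration. It is not Apple's implementation or code from the thread; the class, method names and sample byte strings are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def fingerprint(blob: bytes) -> str:
    """SHA-256 of a component's bytes, standing in for its 'fingerprint'."""
    return hashlib.sha256(blob).hexdigest()

class NotaryModel:
    """Hypothetical registry of which app versions contain which components."""
    def __init__(self):
        self.malicious = set()               # fingerprints marked as malware
        self.apps_by_fp = defaultdict(set)   # fingerprint -> {(app, version)}
        self.submitter = {}                  # (app, version) -> developer (audit trail)

    def notarize(self, developer, app, version, components):
        """components: {filename: bytes}. Returns (accepted, offending filenames)."""
        fps = {name: fingerprint(blob) for name, blob in components.items()}
        bad = sorted(name for name, fp in fps.items() if fp in self.malicious)
        if bad:
            return False, bad                # known-bad component: reject submission
        for fp in fps.values():
            self.apps_by_fp[fp].add((app, version))
        self.submitter[(app, version)] = developer
        return True, []

    def mark_malicious(self, blob):
        """Mark one component as malware; return every app version that ships it."""
        fp = fingerprint(blob)
        self.malicious.add(fp)
        return sorted(self.apps_by_fp.get(fp, set()))

    def is_blocked(self, app, version):
        return any((app, version) in self.apps_by_fp.get(fp, set())
                   for fp in self.malicious)

# Constructed sample data: byte strings stand in for real binaries.
GOOD_LIB = b"clean library build (constructed)"
MINER_LIB = b"libffmpeg-0.1.2-beta2.dylib with miner (constructed)"

def demo():
    n = NotaryModel()
    n.notarize("dev-1", "Player", "1.0", {"main": b"player 1.0", "lib": GOOD_LIB})
    n.notarize("dev-1", "Player", "1.1", {"main": b"player 1.1", "lib": MINER_LIB})
    n.notarize("dev-2", "Editor", "3.2", {"main": b"editor 3.2", "lib": MINER_LIB})
    flagged = n.mark_malicious(MINER_LIB)    # blocks versions, not whole developers
    retry = n.notarize("dev-3", "Other", "0.1", {"lib": MINER_LIB})
    # A one-byte change yields a new fingerprint, so an exact-match list misses it.
    repacked = n.notarize("dev-3", "Other", "0.2", {"lib": MINER_LIB + b"\x00"})
    return flagged, n.is_blocked("Player", "1.0"), retry, repacked
```

The last case is the limit raised elsewhere in the thread: an exact-fingerprint list answers "is this a copy of known malware?", not "is this malware?".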


I'd be interested to see the track record since they implemented notarization. How often has it caught malware, both before and after the fact? I haven't seen any headlines about e.g. a popular application failing to launch one day because Apple found a miner in it some time after initial notarization.


Why can’t Apple just push that through XProtect?


They can do that if they’ve obtained a copy of the specific binary with malware. But with notarization they can proactively scan for things that look like they might be malware, and follow up with either automatic rejection, or approval followed by manual inspection.


Ok, I guess that does make sense. Still, it does have the drawback that all distribution must go through Apple, and you now need to pay to develop software for the platform :(


Why not do both?


Because notarization has the very concrete downside of costing money to do, plus the fuzzier steps of it being a fairly complicated and often picky/opaque process to have to deal with when shipping your software.


I would generally like my malware to not be marked as malware.

