> Self-signed applications are treated as if they're radioactive by macOS, too.
But not if you turn off Gatekeeper! I can understand how this is annoying if you're creating apps for other people, but in terms of my own personal experience with my computer, the only time I think about Gatekeeper is when I'm talking about it on HN. It gets turned off as part of a bash script I run after installing macOS, at which point it's gone for good.
On my list of annoyances with macOS, Gatekeeper is somewhere below the Library folder being hidden by default. I can't say what Apple will decide to do in the future, but I have a very clear line in the sand, and Apple has absolutely not crossed it.
Gatekeeper-by-default is sensible IMO. I've seen how some people interact with these devices, and how easily malware gets on a computer.
As long as the walled garden can be easily circumvented, advanced users can do what they wish. "Able to learn about Gatekeeper and decide if they should turn it off" is probably an okay heuristic for "can tell a fake Flash installer site apart from a real one" or even "knows that Flash is pretty much abandoned, do everything you can to avoid it".
That said, it absolutely changes the incentive structures, and Apple is also doing it for profit. Will they cross the line in the future, with this goal? I expect they will conclude losing the advanced users would be a net loss.
> As long as the walled garden can be easily circumvented, advanced users can do what they wish. "Able to learn about Gatekeeper and decide if they should turn it off" is probably an okay heuristic for "can tell a fake Flash installer site apart from a real one" or even "knows that Flash is pretty much abandoned, do everything you can to avoid it".
That's exactly how I see it! And this mentality continues throughout the chain, too—if you want to actually install unsigned kernel extensions, or inject code into other processes, you need to boot into recovery mode to disable SIP. This is still not at all onerous if you know what you're doing (and, like Gatekeeper, you only need to do it once), but it's definitely a next-level test for next-level privileges.
IMO, the way Apple designed this process is brilliant! And that's why I'm not personally concerned by the boiling water argument, at least not yet—whatever Apple's incentives, the current setup strikes me as the best way to handle things.
All of that said, where I am starting to get annoyed is with the root snapshot stuff in Big Sur. Having to reboot every time I want to edit a system file is a clear progression from "trivial speed bump" into "consistent pain-in-the-ass" territory. If you want to talk about Apple locking down the Mac, I'd start there!
Can't you still go through the song and dance of disabling SIP and authenticated root and then editing the root snapshot? It's incredibly annoying but should still work, right?
Generally things don’t like it very much when I lie to them about what OS they’re running on; I try to set the version just before opening Xcode and fix it then right after I’m done submitting the app so my computer isn’t confused. More than once that has been long enough for Software Update to get confused and offer me a new build :P
The problem is that it makes it clear that the market for third-party software is completely at Apple's pleasure.
If Apple chooses not to issue me a Developer ID, they have effectively removed 95%+ of my market.
If this is because I distributed malware, that's reasonable. But there are a lot of other reasons why Apple might choose to revoke a Developer ID. (Think pressure from the state, for one.)
I also feel like in the spirit of the OP: it’s like telling customers that they can drive without a seatbelt and it will save them time getting in/out of the car.
Most will look at you like you’ve got three heads, and (I suspect) the majority will simply walk away without purchasing.
But not if you turn off Gatekeeper! I can understand how this is annoying if you're creating apps for other people, but in terms of my own personal experience with my computer, the only time I think about Gatekeeper is when I'm talking about it on HN. It gets turned off as part of a bash script I run after installing macOS, at which point it's gone for good.
On my list of annoyances with macOS, Gatekeeper is somewhere below the Library folder being hidden by default. I can't say what Apple will decide to do in the future, but I have a very clear line in the sand, and Apple has absolutely not crossed it.