Mac OS calls home every time you execute an application.
Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU.
If you send your computer/phone to Apple for repair you may get back different physical hardware.
Those things very much highlight that "your" Apple hardware is not yours and that privacy on Apple hardware does not actually exist, sure they may not share that data with other parties but they definitely do not respect your privacy or act like you own the hardware you purchased.
Apple marketing seems to have reached the level of indoctrination where everyone just keeps parroting what Apple says as an absolute truth.
They send a hash of the binaries/libraries, and generate a cache locally so it's not sent again. That helps stop you from running tampered-with binaries and frameworks. No user-personal data is sent.
There is no evidence at all that they are trying to ensure you can only run things from the App Store - I run a whole bunch of non-app-store binaries every single day. To make that claim is baseless and makes me de-rate the rest of what you write.
There is always a trade-off between privacy and security. This still falls well under the Google/Android/Chrome level, or indeed the Microsoft/Windows level with its targeted ads, IMHO.
My understanding is that they keep a local file with known malware signatures, just like the malware scanners on every other platform.
> macOS includes built-in antivirus technology called XProtect for the signature-based detection and removal of malware. The system uses YARA signatures, a tool used to conduct signature-based detection of malware, which Apple updates regularly
Xprotect is a blacklist that runs locally and is rarely used.
The phone home functionality is notarization, where apple does a network call to check that the signature on an executable actually came from apple’s notarization process. It is in essence a reputation system, where developers must be on good terms with apple to have the ability to notarize and get a smooth install experience.
From what I had in mind, notarization is only done developer side before publishing. Client side it's just a check against Apple certificates to verify that the binary hasn't been tampered with since notarization, no phoning home should be involved. (Or maybe just to update Apple certificates).
They also check the developer certificate in the OCSP stage.
Both of these are mechanisms where apple can effectively lock out developers from having a smooth install experience for their software at their discretion.
1. Most users are not capable of using general purpose computing technology in a wild, networked environment safely.
2. Too many people who matter to ignore insist, "something must be done."
3. And so something shall be done.
4. Apple is navigating difficult waters. As much as I disapprove of how they have chosen a path for iOS, the fact is many people find those choices are high value.
5. I do, for the most part, approve of their choices for Mac OS. I am not sure how they prevent malicious code without maintaining some sort of information for that purpose.
6. We are arriving at a crossroads many of us have been talking about for a long time. And that means we will have to make some hard choices going forward. And how we all navigate this will impact others in the future for a long time.
Look at Microsoft! They are collecting everything! And they absolutely will work with law enforcement anytime, any day, almost any way!
I sure as hell want nothing to do with Windows 11. Most technical people I know feel the same way.
Screenies every 3 to 5 seconds? Are they high? Good grief! Almost feels like raw rape. Metaphorically, of course.
Then we have Linux. Boy am I glad I took the time way back in the 90's to learn about OSS, Stallman, read words from interesting people, Raymond, Perkins, Searles, Lessig, Doctorow, many others!
Linus did all of tech one hell of a solid and here we are able to literally dumpster dive and build whatever we want just because we can. Awesome sauce in a jar right there, but!
(And this really matters)
...Linux just is not going to be the general answer for ordinary people. At least not yet. Maybe it will be soon.
It is an answer in the form of a crude check and balance against those in power. Remember the "something shall be done" people? Yeah, those guys.
And here we are back to Apple.
Now, given the context I put here, Apple has ended up really important. Working professionals stand something of a chance choosing Mac OS rather than be forced into Windows 11, transparent edition!
And Apple does not appear willing to work against their users' best interests, unless they are both compelled to by law, and have lost important challenges to said law.
If you want that, your choices are Apple and Linux!
7. Open, general purpose computing is under threat. Just watch what happens with Arm PC devices and the locked bootloaders to follow just like mobile devices.
Strangely, I find myself wanting to build a really nice Intel PC while I still can do that and actually own it and stand some basic chance of knowing most of what it is doing for me. Or TO ME.
No Joke!
As I move off Win 10, it will be onto Linux and Mac OS. Yeah, hardware costs a bit more, and yeah it needs to be further reverse engineered for Linux to run on it too, but Apple does not appear to get in the way of all that. They also do not need to help and generally don't. Otherwise, the Linux work is getting done by great people we all really should recognize and be thankful for.
That dynamic is OK with me too. It is a sort of harsh mutual respect. Apple gets to be Apple and we all get to be who we are and do what we all do with general purpose computers as originally envisioned long ago.
We all can live pretty easily with that.
So, onward we go! This interesting time will prove to be more dangerous than it needs to be.
If it were not for Apple carving out a clear alternative things would look considerably more draconian, I could and maybe almost should say fascist and to me completely unacceptable.
As someone who cut his teeth on computing in the era you refer to, I have a small disagreement about Linux (especially Ubuntu) in your statement.
Apple is priced beyond the reach of many "ordinary people" especially outside the western markets. A cheap (perhaps after market) laptop with Ubuntu on it (often installed by the seller) is something that has been getting a lot of traction among regular users. Most of the things they do are via a browser so as long as Chrome/FF works, they're good. They often install software that undermines the security that the platform natively offers but still, it's a pretty decent compromise.
You know I decided to take my old note 8 for a test drive as a PC of sorts. Went ahead and purchased one of those USB 3 port bricks so I could hook up a nice display, keyboard, mouse, removable storage.
Samsung Dex popped up and it works mostly!
I found one could do quite a lot.
That is not the way I would go, but if I had to? Bring it! Plenty can be done, good skills learned.
> I run a whole bunch of non-app-store binaries every single day
if you are in the US, you need to either register as a developer, or register an apple id and register your app to run it for a week. that's how you run non-app store code. Both of those require permission from apple.
This is completely incorrect. You can download a random binary and execute it. You will get a warning dialog saying it’s not signed by a known developer. You are free to ignore that though.
Depends what you mean by fiddling. But I'm in the process of switching to mac from Linux because my new job has forced it upon me.
I tried installing "Flameshot" via homebrew and it wouldn't run until I went into Finder, right clicked it and clicked open. Luckily it's mentioned in their docs [0] or I would have never guessed to do this.
I use homebrew every day and have never encountered this. Sounds like an issue with how the software has been packaged.
I also notice two other installation options in your link that do not come with those additional instructions — which to me suggests with whatever they’re doing on homebrew.
If I were you, I would relax. At least you are not being shoved onto Win 11.
And then think about that. Seriously. I did. Have a few times off and on over the years as we sink into this mess.
I bet you find an OS that does a bit more than you may otherwise prefer to prevent trouble. If so, fair call in my book.
Just how big of a deal is that?
Compared to Android, Windows 10 and tons of network services and such and what they do not do FOR you, and instead do TO you.
And you can run a respectable and useful installation of Linux on that spiffy Apple hardware when it gets old. So make sure it gets old, know what I mean?
As someone that just got out of a gig where I had to run Docker on MacOS - for the love of god, I would have done almost anything to use Windows 11.
Look - if I'm going to be treated like garbage, advertised to and patronized, at least let me use the system that can run Linux shells without turning into a nuclear reactor.
It’s not “a big deal” if the user knows about it, but the phrasing in macOS is maliciously bad - I sent a build from my machine to a coworker and when they “naively” ran it, the pop up that came up didn’t say “this program is unsigned” it said “this program is damaged and will now be deleted” (I don’t remember the exact phrasing but it made it sound like a virus or damaged download, not like an unsigned program).
> If you send your computer/phone to Apple for repair you may get back different physical hardware.
I happen to be in the midst of a repair with Apple right now. And for me, the idea that they might replace my aging phone with a newer unit, is a big plus. As I think it would be for almost everyone. Aside from the occasional sticker, I don't have any custom hardware mods to my phone or laptop, and nor do 99.99% of people.
Can Apple please every single tech nerd 100% of the time? No. Those people should stick to Linux, so that they can have a terrible usability experience ALL the time, but feel more "in control," or something.
Why not both? Why can’t we have a good usability experience AND control? In fact, we used to have that via the Mac hardware and software of the 1990s and 2000s, as well as NeXT’s software and hardware.
There was a time when Apple’s hardware was user-serviceable; I fondly remember my 2006 MacBook, with easily-upgradable RAM and storage. I also remember a time when Mac OS X didn’t have notarization and when the App Store didn’t exist. I would gladly use a patched version of Snow Leopard or even Tiger running on my Framework 13 if this were an option and if a modern web browser were available.
NeXT was great and Mac OS X was also nice and had a lovely indie and boutique app ecosystem during the mid-to-late 2000s. Sadly, iOS stole the focus. However, the OP argues Linux usability is bad, which I think is an outdated POV. It really depends on your setup and usecases. For many development usecases, Linux is superior to macOS.
I run NixOS on a plain X11 environment with a browser, an editor and a terminal. It's really boring. For my favorite development stacks, everything works. Flakes make workflow easy to reproduce, and it's also easy to make dramatic setup changes at OS level thanks to declarativeness and immutability.
If you're interacting with other humans, or with the consumer internet, you'll run into thousands of situations where my default setup (macOS, Chrome) "just works," and your setup will require some extra effort.
You may be smart enough to figure it out, but most people (even many smart tech people) get tired of these constant battles.
Here's an example from earlier this evening: I was buying a plane ticket from Japan Air Lines. Chrome automagically translates their website from Japanese to English. Other browsers, e.g. Firefox, and even Safari, do not - I checked. Is there a workaround or a fix? I'm sure you could find one, given time and effort. But who wants to constantly deal with these hassles?
Another very common example is communication apps. Or any time you're exchanging data in some proprietary format. Would it be great if no one used proprietary formats? Yes! Is that the world we live in? No. Can I force the rest of the world to adopt open standards, by refusing to communicate with them? No.
The world has moved on from desktop environments to multi-device integration like Watch, Phone, AirTags, Speakers, TV and in that way Linux usability is certainly worse than MacOS.
Oh sort of. That is for sure a thing, but not THE thing.
I would argue people are being tugged in that direction more than it being simply better.
You can bet when people start to get to work building things --all sorts of things, not just software, they find out pretty quickly just how important a simple desktop running on a general purpose computer really is!
It could help to compare to other makers for a minute: if you need to repair your Surface Pro, you can easily remove the SSD from the tray, send your machine and stick it back when it comes repaired (new or not)
And most laptops at this point have removable/exchangeable storage. Except for Apple.
> remove the SSD from the tray, send your machine and stick it back when it comes repaired
Apple has full-disk encryption backed by the secure enclave so it's not by-passable.
Sure their standard question-set asks you for your password when you submit it for repair.
But you don't have to give it to them. They will happily repair your machine without it because they can boot their hardware-test suite off an external device.
I get your point, but we can also agree "send us your data, we can't access it anyway, right ?" is a completely different proposition from physically removing the data.
In particular if a flaw was to be revealed on the secure enclave or encryption, it would be too late to act on it after the machines have been sent in for years.
To be clear, I'm reacting on the "Apple is privacy focused" part. I wouldn't care if they snoop my bank statements on disk, but as a system I see them as behind what other players are doing in the market.
I hear the point you're making and I respect the angle, it's fair enough, but ...
The trouble with venturing into what-if territory is the same applies to you...
What if the disk you took out was subjected to an evil-maid attack ?
What if the crypto implementation used on the disk you took out was poor ?
What if someone had infiltrated your OS already and been quietly exfiltrating your data over the years ?
The trouble with IT security is you have to trust someone and something because even with open-source, you're never going to sit and read the code (of the program AND its dependency tree), and even with open-hardware you still need to trust all those parts you bought that were made in China unless you're planning to open your own chip-fab and motherboard plant ?
It's the same with Let's Encrypt certs, every man and his dog are happy to use them these days. But there's still a lot of underlying trust going on there, no ?
So all things considered, if you did a risk-assessment, being able to trust Apple ? Most people would say that's a reasonable assumption ?
> even with open-source, you're never going to sit and read the code (of the program AND its dependency tree)
You don't have to. The fact that it's possible for you to do so, and the fact that there are many other people in the open source community able to do so and share their findings, already makes it much more trust-worthy than any closed apple product.
I hope you bring that up as an example in favor of open-source, as an example that open-source works. In a closed-source situation it would either not be detected or reach the light of day.
In a closed source situation people using a pseudonym don't just randomly approach a company and say "hey can I help out with that?"
It was caught by sheer luck and chance, at the last minute - the project explicitly didn't have a bunch of eyeballs looking at it and providing a crowd-sourced verification of what it does.
I am all for open source - everything I produce through my company to make client work easier is open, and I've contributed to dozens of third party packages.
But let's not pretend that it's a magical wand which fixes all issues related to software development - open source means anyone could audit the code. Not that anyone necessarily does.
> What if the disk you took out was subjected to an evil-maid attack ?
Well, have fun with my encrypted data. Then I get my laptop back, and it's either a) running the unmodified, signed and encrypted system I set before or b) obviously tampered with to a comical degree.
> What if the crypto implementation used on the disk you took out was poor ?
I feel like that is 100x more likely to be a concern when you can't control disc cryptography in any meaningful way. The same question applies to literally all encryption schemes ever made, and if feds blow a zero day to crack my laptop that's a victory through attrition in anyone's book.
> What if someone had infiltrated your OS already and been quietly exfiltrating your data over the years ?
What if aliens did it?
Openness is a response to a desire for accountability, not perfect security (because that's foolish to assume from anyone, Apple or otherwise). People promote Linux and BSD-like models not because they cherry-pick every exploit like Microsoft and Apple do but because deliberate backdoors must accept that they are being submitted to a hostile environment. Small patches will be scrutinized line-by-line - large patches will be delayed until they are tested and verified by maintainers. Maybe my trust is misplaced in the maintainers, but no serious exploit developer is foolish enough to assume they'll never be found. They are publishing themselves to the world, irrevocably.
What if the disk could be removed, put inside a thunderbolt enclosure, and worked on another machine while waiting for the other? That's what I did with my Framework.
Framework has demonstrated in more than one way that Apple's soldered/glued-in hardware strategy is not necessary.
It's also possible to say "nothing" and just leave it at that. A lot of people are desperate to defend Apple by looking at security from a relative perspective, but today's threats are so widespread that arguably Apple is both accomplice and adversary to many of them. Additionally, their security stance relies on publishing Whitepapers that have never been independently verified to my knowledge, and perpetuating a lack of software transparency on every platform they manage. Apple has also attempted to sue security researchers for enabling novel investigation of iOS and iPadOS, something Google is radically comfortable with on Android.
The fact that Apple refuses to let users bring their own keys, choose their disc encryption, and verify that they are secure makes their platforms no more "safe" than Bitlocker, in a relative sense.
I suppose so they can do a boot test post-repair or something like that. I have only used their repair process like twice in my life and both times I've just automatically said "no" and didn't bother asking the question. :)
With Apple FDE, you get nowhere without the password. The boot process doesn't pass go. Which catches people out when they reboot a headless Mac, the password comes before, not after boot even if the GUI experience makes you feel otherwise.
You need to trust the erasure system, which is software. This also requires you to have write access to the disk whatever the issues are, otherwise your trust is left in the encryption and nobody having the key.
That's good enough for most consumers, but a lot more sensitive for enterprises IMHO. It usually gets a pass by having the contractual relation with the repair shop cover the risks, but I know some roles that don't get macbooks for that reason alone.
> And for me, the idea that they might replace my aging phone with a newer unit, is a big plus. As I think it would be for almost everyone.
except that isn't generally how factory repairs are handled.
I don't know about Apple specifically, but other groups (Samsung, Microsoft, Lenovo) will happily swap your unit with a factory refurbished or warranty-repaired unit as long as it was sufficiently qualified before hand -- so the 'replaced with a newer unit' concept might be fantasy.
I've seen a few Rossman streams with officially "refurbished" macbooks that were absolutely foul inside. Boards that looked like they had been left on a preheater over lunch, rubber wedges to "cure" a cracked joint, all sorts of awful shit. The leaked stories from the sweatshop that did the work were 100% consistent with the awful quality.
Admittedly this was a few years ago. Has apple mended their ways or are they still on the "used car salesman" grindset?
Are these Apple refurbished, or bought from a third party like Best Buy or Amazon? I’ve bought plenty of Apple refurbished products (directly from Apple) over the years and they always look like new (including 100% battery health).
Third parties and resellers though I’m convinced just call their returns/open box units that appear to be in decent condition “refurbished.”
You have a phone with a real, but subtle fault. Something not caught by the normal set of tests. You return it for repair, get sent a new one, they replace the battery in your old one and put into stock as 'reconditioned'.
My phone is perfect, save for a worn out battery. I send it in for battery replacement, they send me yours. Now I've swapped my perfect phone for your faulty phone - and paid $70 to do so.
It would depend on a country's consumer laws. I used to work for AASPs in Australia and they definitely used refurbished phones for replacements and refurbished parts for the Mac repairs. Not everyone who uses this site lives in America...
Further, there is a CRL/OCSP cache — which means that if you're running a program frequently, Apple are not receiving a fine-grained log of your executions, just a coarse-grained log of the checks from the cache's TTL timeouts.
Also, a CRL/OCSP check isn't a gating check — i.e. it doesn't "fail safe" by disallowing execution if the check doesn't go through. (If it did, you wouldn't be able to run anything without an internet connection!) Instead, these checks can pass, fail, or error out; and erroring out is the same as passing. (Or rather, technically, erroring out falls back to the last cached verification state, even if it's expired; but if there is no previous verification state — e.g. if it's your first time running a third-party app and you're doing so offline — then the fallback-to-the-fallback is allowing the app to run.)
Remember that CRLs/OCSP function as blacklists, not whitelists — they don't ask the question "is this certificate still valid?", but rather "has anyone specifically invalidated this certificate?" It is by default assumed that no, nobody has invalidated the certificate.
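The decision logic this comment describes (TTL cache, fall back to the last cached state on error, allow when there is no state at all), as an added example that is not part of the thread and is not Apple's code. The responder stand-in, the certificate IDs, the 300-second TTL and the `hard_fail` variant are all assumptions made for the illustration.

```python
# Added illustration: a model of the fail-soft revocation check described in
# the comment above. Constructed for this page; it is not Apple's trustd code.
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    GOOD = "good"        # nobody has invalidated the certificate
    REVOKED = "revoked"  # the certificate is on the blacklist


class ResponderError(Exception):
    """The responder is unreachable or the device is offline."""


@dataclass
class CacheEntry:
    status: Status
    fetched_at: float


class ConstructedResponder:
    """Stand-in for the remote revocation service (hypothetical)."""

    def __init__(self):
        self.online = True
        self.revoked = set()

    def __call__(self, cert_id):
        if not self.online:
            raise ResponderError("responder unreachable")
        return Status.REVOKED if cert_id in self.revoked else Status.GOOD


class RevocationChecker:
    def __init__(self, responder, ttl_seconds=300, hard_fail=False):
        self.responder = responder
        self.ttl = ttl_seconds      # assumed value; the page gives no TTL
        self.hard_fail = hard_fail  # hypothetical gating variant, for contrast
        self.cache = {}
        self.answered_lookups = []  # all the responder's operator can log

    def may_execute(self, cert_id, now):
        """Return (allowed, reason) for a launch at time `now` (seconds)."""
        entry = self.cache.get(cert_id)
        if entry is not None and now - entry.fetched_at < self.ttl:
            return entry.status is Status.GOOD, "cache"
        try:
            status = self.responder(cert_id)
        except ResponderError:
            if self.hard_fail:
                return False, "hard-fail"
            if entry is not None:
                # Fall back to the last verification state, even if expired.
                return entry.status is Status.GOOD, "stale-cache"
            # No previous state at all: the fallback of the fallback.
            return True, "fail-open"
        self.answered_lookups.append((now, cert_id))
        self.cache[cert_id] = CacheEntry(status, now)
        return status is Status.GOOD, "online"


def run_scenario():
    """Constructed timeline: launches of DEV-A and DEV-B, times in seconds."""
    responder = ConstructedResponder()
    soft = RevocationChecker(responder)
    strict = RevocationChecker(responder, hard_fail=True)
    out = [
        soft.may_execute("DEV-A", 0),     # first launch, online lookup
        soft.may_execute("DEV-A", 10),    # served from cache, nothing sent
        soft.may_execute("DEV-A", 400),   # TTL expired, second lookup
    ]
    responder.revoked.add("DEV-A")        # certificate gets blacklisted...
    responder.online = False              # ...while this machine is offline
    out.append(soft.may_execute("DEV-A", 500))    # cache still fresh
    out.append(soft.may_execute("DEV-A", 800))    # expired, lookup errors out
    out.append(soft.may_execute("DEV-B", 800))    # never seen, offline
    out.append(strict.may_execute("DEV-B", 800))  # what a gating check would do
    responder.online = True
    out.append(soft.may_execute("DEV-A", 900))    # lookup succeeds: revoked
    responder.online = False
    out.append(soft.may_execute("DEV-A", 1000))   # revocation is now cached
    return out, soft.answered_lookups


if __name__ == "__main__":
    results, lookups = run_scenario()
    for allowed, reason in results:
        print(f"{'ALLOW' if allowed else 'DENY':5}  {reason}")
    print("lookups the responder answered:", lookups)
```

In this model the revocation only takes effect at the first lookup that succeeds after the cached entry has expired, and the responder sees three lookups for DEV-A across five allowed launches.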
> i.e. it doesn't "fail safe" by disallowing execution if the check doesn't go through. (If it did, you wouldn't be able to run anything without an internet connection!) Instead, these checks can pass, fail, or error out; and erroring out is the same as passing. (Or rather, technically, erroring out falls back to the last cached verification state, even if it's expired; but if there is no previous verification state — e.g. if it's your first time running a third-party app and you're doing so offline — then the fallback-to-the-fallback is allowing the app to run.)
> Last week, just after we covered the release of Big Sur, many macOS users around the world experienced something unprecedented on the platform: a widespread outage of an obscure Apple service caused users worldwide to be unable to launch 3rd party applications.
Scroll down a little further on your link for confirmation of what the parent said:
> As was well-documented over the weekend, trustd employs a “fail-soft” call to Apple’s OCSP service: If the service is unavailable or the device itself is offline, trustd (to put it simply) goes ahead and “trusts” the app.
Even at the time people quickly figured out you could just disconnect from the internet as a workaround until the issue was fixed.
Presumably because you have Gatekeeper set to "Allow applications from: App Store" rather than "Allow applications from: App Store & Known Developers".
This is just Gatekeeper asking you which code-signing CA certs you want to mark as trusted in its kernel-internal trust store (which is, FYI, a separate thing from the OS trust store): do you want just the App Store CA to be trusted? Or do you also want the Apple Developer Program's "Self-Published App" Notarization CA to be trusted?
Choosing which code-signing CA-certs to trust will, obviously, determine which code-signed binaries pass certificate validation. Just like choosing which TLS CAs to trust, determines which websites pass certificate validation.
Code-signing certificate validation doesn't happen online, though. Just like TLS certificate validation doesn't happen online. It's just a check that the cert you have has a signing path back to some CA cert in the local trust store.
I have the latter Gatekeeper option, and I often have to click "Allow anyway". I don't see how being forced to click an extra button in a preference pane makes things more secure.
If you're getting the Gatekeeper dialog with the "Open anyway" button (the "Apple cannot verify that this app is free of malware" alert), then this is a specific case: you're on Catalina or later, and the app you're using has a valid code-signature but hasn't been notarized.
This warning only triggers for legacy releases of apps, published before notarization existed. Since Catalina, notarization has been part-and-parcel of the same flow that gets the self-published app bundle code-signed by Apple. AFAIK it is no longer possible to create a code-signed but non-notarized app bundle through Xcode. (It's probably still possible by invoking `codesign` directly, and third-party build systems might still be doing that... but they really shouldn't be! They've had years to change at this point! Catalina was 2019!)
Thus, the "Open anyway" option in this dialog is likely transitional. This warning is, for now, intended to not overly frighten regular users, while also indicating to developers (esp. the developer of the app) that they should really get out a new, notarized release of their app, because maybe, one day, this non-notarized release of the app won't be considered acceptable by Gatekeeper any more.
I'm guessing that once a sufficient percentage of apps have been notarized, such that macOS instrumentation reports this dialog being rarely triggered, the "Open anyway" option will be removed, and the dialog will merge back into the non-code-signed-app version of the dialog that only has "Cancel" and "Move to Trash" options. Though maybe in this instance, the dialog would have the additional text "Please contact the app developer for a newer release of this app" (because, unlike with an invalid digital signature, macOS wouldn't assume the app is infected with malware per se, but rather just that it might do low-level things [like calling private OS frameworks] that Apple doesn't permit notarized apps to do.)
Both Windows and MacOS require that developers digitally sign their software, if you want users to be able to run that software without jumping through additional hoops on their computer.
You can't distribute software through the Apple or Microsoft app stores without the software being signed.
You can sign and distribute software yourself without having anything to do with the app stores of either platform, although getting a signing certificate that Windows will accept is more expensive for the little guys than getting a signing certificate that Macs will accept.
On Windows, allowing users to run your software without jumping through additional hoops requires you to purchase an Extended Validation Code Signing Certificate from a third party. Prices vary, but it's going to be at least several hundred dollars a year.
It used to be that you could run any third-party application you downloaded. And then for a while you'd have to right-click and select Open the first time you ran an application you'd downloaded, and then click through a confirmation prompt. And in macOS 15, you have to attempt to open the application, be told it is unsafe, and then manually approve it via system settings.
That's just your extremely limited experience (2 stores): homebrew runs a special command clearing up a bit so you don't get that notification, which does exist if you download apps directly
Huh? It hashes the binary and phones home doesn’t it? Go compile anything with gcc and watch that it takes one extra second for the first run of that executable. It’s not verifying any certificates
When I first run locally-built software I tend to notice XProtect scanning each binary when it is launched. I know that XProtect matches the executable against a pre-downloaded list of malware signatures rather than sending data to the internet, but I haven't monitored network traffic to be sure it is purely local. You can see the malware signatures it uses at /private/var/protected/xprotect/XProtect.bundle/Contents/Resources/XProtect.yara if you're curious.
With the sheer number of devs who use Macs, there is a 0% chance they’re going to outright prevent running arbitrary executables. Warn / make difficult, sure, but prevent? No.
The strategy is to funnel most users onto an ipad-like platform at most where they have basic productivity apps like word or excel but no ability to run general purpose programs.
Meanwhile you have a minimal set of developers with the ability to run arbitrary programs, and you can go from there with surveillance on MacOS like having every executable tagged with the developer's ID.
The greater the distance between the developer and the user, the more you can charge people to use programs instead of just copying them. But you can go much further under the guise of "quality control".
> The strategy is to funnel most users onto an ipad-like platform at most where they have basic productivity apps like word or excel but no ability to run general purpose programs.
And you know this how?
This reads like every macOS fan’s worst nightmare, but there’s zero actual evidence that Apple is going in this direction.
> The strategy is to funnel most users onto an ipad-like platform
They make the best selling laptop in the world, and other most-popular-in-class laptops. If their strategy is to have people not use laptops, they are going about it funny.
> not share that data with other parties but they definitely do not respect your privacy
not sharing my data with other parties, or using it to sell me stuff or show me ads, is what I would define as respecting my privacy; Apple checks those boxes where few other tech companies do
Their repair policy, from what I can see, is a thinly veiled attempt to get you to either pay for Apple Care or to upgrade. I got a quote to repair a colleague's MacBook Pro, less than 2 years old, which has apparent 'water damage' and which they want AUD $2,500 to repair! Of course that makes no sense, so we're buying a new one ...
The problem with many self-repair people is they effectively value their time at zero.
I value my time realistically, i.e. above zero and above minimum wage. It is therefore a no brainer for me to buy AppleCare every ... single ..time. It means I can just drop it off and let someone else deal with messing around.
I also know how much hassle it is. Like many techies, I spent part of my early career repairing people's PCs. Even in big PC tower cases with easy accessibility to all parts it's still a fucking horrific waste of time. Hence these days I'm very happy to let some junior at Apple do it for the cost of an AppleCare contract.
> The problem with many self-repair people is they effectively value their time at zero.
Back in 2010 Apple quoted me €700 for a topcase replacement because of shattered display glass. Instead I paid €50 for a third party replacement pane and did 15 minutes of work with a heat gun.
What's more, they fold most of the cost of the repair into the price of parts. So you can either get a replacement screen for €499 and install it yourself, or have it officially repaired for €559. This effectively subsidizes official repairs and makes DIY repairs more expensive.
Apple does extreme gouging with repairs, it's hogwash to claim anything else.
My hope is that the machine will work for a long while, like most of them do. In my case it’s a ~$1200 machine so I prefer to self-insure. I’m taking the chance that if it goes bad, I’ll pay to fix or replace it.
This makes sense, for me, when I do it on everything that I buy.
A big problem with Apple Care is that, here in Thailand anyway, you need to give them your computer for a few weeks. You have to wait a week for them to look at it. They won't even allow you to use it and then bring it back in a week.
How often do you actually need a repair from Apple? I used to buy AppleCare but stopped in the last few years and have yet to need any repairs done except a battery replacement on a 14 Pro that I was giving to family.
Even with small children, I haven’t really found a need for AppleCare. They don’t touch my devices, and their devices are older iPads that aren’t worth that much to begin with, sheathed with big chonky cases that have survived a few trips down stairs unscathed.
Because it feels like extortion. There was almost certainly no water damage caused by external factors: the user didn't spill anything on it and has literally no idea where the so-called water damage could have come from. I have heard anecdotally that this is their go-to for denying claims and it is difficult to argue against.
Agree. I recently went to an Apple store in Tokyo to buy an accessory. The Apple employee pulled up their store iPhone to take my payment (Apple Pay) and then asked me to fill out a form with my email address and there was a message about how my info would be shared with some company. I thought about going back and pretending to buy something else so I could film it. I questioned the store person, "Isn't Apple supposed to be 'Privacy first'?" If it was privacy first they wouldn't have asked for the info in the first place and they certainly wouldn't be sharing it with a 3rd party.
At the very least Apple are better than Microsoft, Windows and the vendors that sell Windows laptops when it comes to respecting user experience and privacy.
I switched to iPhone after they added the tracker blocking to the OS.
Everything is a tradeoff.
I’d love to live in the F-Droid alt tech land, but everything really comes down to utility. Messaging my friends is more important than using the right IM protocol.
Much as I wish I could convince everyone I know and have yet to meet to message me on Signal or whatever, that simply isn’t possible. Try explaining that I am not on WhatsApp or Insta to a girl I’ve just met…
Also it is nice to spend basically no time maintaining the device, and have everything work together coherently. Time is ever more valuable past a certain point.
But why do we have to choose between convenient and open? Why are these companies allowed to continue having these protected "gardens"? I don't believe a free and truly open ecosystem for mobile devices would actually be less convenient than iOS or Android. If anything it would be vastly better.
Has it occurred to you that the stronger control of the ecosystem is a feature that supports the convenience and integration that's possible?
This is just the "Why not Linux desktop" argument from the past two decades. Sure, in theory it can be configured to do a lot of different things. But you're probably gonna have to work out the details yourself because the downside of theoretically supporting everything is that it's impossible to just have it work out of the box with every single scenario.
They have big numbers. Big numbers tell that 95% of people would need to be in closed protected gardens rather than getting slaughtered by open source wolves.
> Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU.
People have been saying this ever since Apple added the App Store to the Mac in 2010. It’s been 14 years. I wonder how much time has to go by for people to believe it’s not on Apple’s todo list.
Genuinely asking: are there any specifics on this? I understand that blocking at the firewall level is an option, but I recall someone here mentioning an issue where certain local machine rules don’t work effectively. I believe this is the issue [1]. Has it been “fixed”?
They're probably referring to the certificate verification that happens when you open any notarized application. Unless something changed recently, the system phones home to ensure its certificate wasn't revoked.
It does kind of suck if the binary is frequently updated, big and you have a slow internet connection. So some program which normally takes seconds to open can take 20 or more seconds to open after an update. Or if you don't use that program frequently, you always get a very slow start of a program.
Yeah, because what’s being sent is not analytics but related to notarization, verifying the app’s integrity (aka is it signed by a certificate known to Apple?).
This came to light a few years ago when the server went down and launching apps became impossibly slow…
> Around one year ago, after joining the Blender Development Fund and seeding hardware to Blender developers, Apple empowered a few of its developers to directly contribute to the Blender source code.
I'm assuming similar support goes to other key pieces of software, e.g., from Adobe, Maxon, etc... but they don't talk about it for obvious reasons.
The point being Apple considers these key applications to their ecosystem, and (in my estimation at least) these are applications that will probably never be included in the App Store. (The counterargument would be the Office Suite, which is in the App Store, but the key Office application, Excel, is a totally different beast than the flagship Windows version, that kind of split isn't possible with the Adobe suite for example.)
Now what I actually think is happening is the following:
1. Apple believes the architecture around security and process management that they developed for iOS is fundamentally superior to the architecture of the Mac. This is debatable, but personally I think it's true as well for every reason, except for what I'll go into in #2 below. E.g., a device like the Vision Pro would be impossible with macOS architecture (too much absolute total complete utter trash is allowed to run unfettered on a Mac for a size-constrained device like that to ever be practical, e.g., all that trash consumes too much battery).
2. The open computing model has been instrumental in driving computing forward. E.g., going back to the Adobe example, After Effects plugins are just dynamically linked right into the After Effects executable. Third party plugins for other categories often work similarly, e.g., check out this absolutely wild video on how you install X-Particles on Cinema 4D (https://insydium.ltd/support-home/manuals/x-particles-video-...).
I'm not sure if anyone on the planet even knows why, deep down, #2 is important, I've never seen anyone write about it. But all the boundary pushing computing fields I'm interested in, which is mainly around media creation (i.e., historically Apple's bread-and-butter), seems to depend on it (notably they are all also local first, i.e., can't really be handled by a cloud service that opens up other architecture options).
So the way I view it is that Apple would love to move macOS to the fundamentally superior architecture model from iOS, but it's just impossible to do so without hindering too many use cases that depend on that open architecture. Apple is willing to go as close to that line as they can (in making the use cases more difficult, e.g., the X-Particles video above), but not actually willing to cross it.
> Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU
What has the EU done to stop Apple doing this? Are Apple currently rolling it out to everywhere but the EU?
> Apple is well on its way to ensure you can only run things they allow via app store
That ship has well and truly sailed, this conspiracy might once have held water but Apple's machines are far too commercially ubiquitous for them to have any designs on ringfencing all the software used by all the industries that have taken a liking to the hardware.
The EU is center-right-wing, and laughs all the way to the bank whenever someone like you falls for their "we externally pretend to be the good guys" trope. Leyen is pretty much the worst leadership ever, but they still manage to convince the politically naive that everything is fine, because of GDPR, AI laws and huge penalties for big tech. It's sad how simple it is to confuse people.
I mean, the security features are pretty well documented. The FBI can't crack a modern iPhone even with Apple's help. A lot of the lockdowns are in service of that.
I'm curious: what hardware and software stack do you use?
Edit: I have not posted a source for this claim, because what sort of source would be acceptable for a claim of the form "X has not occurred"?
If you are going to claim Apple's security model has been compromised, you need not only evidence of such a compromise but also an explanation for why such an "obvious" and "cheap" vulnerability has not been disclosed by any number of white or grey-hat hackers.
"Since then, technologies like Grayshift’s GrayKey—a device capable of breaking into modern iPhones—have become staples in forensic investigations across federal, state, and local levels."
"In other cases where the FBI demanded access to data stored in a locked phone, like the San Bernardino and Pensacola shootings, the FBI unlocked devices without Apple’s help, often by purchasing hacking tools from foreign entities like Cellebrite."
> Apple is well on its way to ensure you can only run things they allow via app store
I'm very happy to only run stuff approved on Apple's app store... ESPECIALLY following their introduction of privacy labels for all apps so you know what shit the developer will try to collect from you without wasting your time downloading it.
Also have you seen the amount of dodgy shit on the more open app stores?
It's a reasonable choice to do so and you can do it now.
The problem starts when Apple forbids it for people who want to install on their computer what they want.
> Apple is well on its way to ensure you can only run things they allow via app store
I am totally ok with this. I have personally seen Apple reject an app update and delist the app because a tiny library used within it had recent security concerns. Forced the company to fix it.
No one is stopping you from using only the app store if you value its protection, so you need a more relevant justification to ok forcing everyone else to do so
If I had 1.4B active users I would want to mitigate the ability of almost all of them to accidentally fuck up their devices instead of worrying about irritating a few tech folk because they can’t load broken apps on it.
Your stat is an order of magnitude type of fantasy, the apps aren't broken, and the inability to install also affects everyone, not a few folks, so again you're left with nothing but your personal desire for controlling other people
> Your personal desire for controlling other people.
Well that’s just childish, pouty, and not a very well thought out train of thought on the subject.
The control isn’t over people, it’s about finding a solution to creating and preserving market share via device reliability on the platform. There are 1.4B iPhone users (and that’s a real number, not a fantasy), and not every one of those people is savvy enough to vet their applications before installation. If installation of any app was wide open you would have a large portion of those 1.4B accidentally installing crap. They may have 100 apps on their phone but if 1 is a piece of shit and broken (and yes conservatively at least 1% of apps out there probably have a bug bad enough to wreak some havoc) and it renders the reliability of the phone to shit that’s bad. If the market perceives that the reliability of the device is shit, Apple loses either in increasing or preserving market share for the device. Apple needs those devices to work reliably and it feels that one way to do that is vetting the apps that will be running on it. The hardware is great, the OS does its job making the hardware platform operational, but the one place where there is the opportunity to introduce instability is in the apps. So you do your best to control that area of instability opportunity on your platform.
Here is the beautiful thing for you… there are plenty of other phones out there that will allow you to install whatever the hell you want. Apple only has 16% of the worldwide smartphone market share.
Man, talking about crashing trains of thought: you fail to grasp the fact that the conversation is about macOS, not iOS, that there is no contradiction between "blah platform" and control over people, and even that the fact that other phones exist doesn't negate the deficiencies of this specific phone
> conservatively at least 1% of apps
That's another made up number of yours, with a similarly made up qualifier
> the market perceives that the reliability of the device is shit
Since the vast majority of devices aren't so locked down, isn't "the market" yelling at you that you're wrong?
I was talking about iOS so yes, I missed that the conversation was about Mac. Shame on me. In a sense the use case for a Mac is less ubiquitous than a smartphone, so the need for vetting may not be as great because users of the device don’t perceive the apps running on it as the device itself.
However, I stand firm in my argument about why the iPhone is locked down and why it’s a good thing. Even if you spread into other smartphone manufacturers like Samsung, you still find similar attempts to control the lay users ability to install unvetted apps on the devices. It may even be more important for them to do that too since they don’t fully control the OS on their devices.
> That's another made up number of yours, with a similarly made up qualifier
Obvious it was made up and obviously it was set as an intentionally low bar for software quality because who would argue (especially on HN) that 100% of available software out there is bug free, but if you want to believe that all available software is 100% safe to use, I encourage you to download and install everything you come across no matter whether the device is a smartphone, a Mac, or any other device you use and rely upon. I am sure you will be fine.
Sure, though it doesn't mean what you want it to mean since you just ignore the $$$ elephant in the room that explains the desire for more control. For the same reason, you "stand firm" in ignorance as to "why the iPhone is locked down"
> Obvious it was made up
Glad you realise that.
> intentionally low bar
Intentionally appearing like one
> if you want to believe ... software is 100% safe to use
Again with your fantasies. I believe the justification should be grounded in reality, both in terms of the % estimate as well as in terms of the severity (so no, "bug free" is irrelevant, you need severe billions-affecting bugs that can only be eliminated by hard-forcing the app store, which you can't have since the reality doesn't align with you).
And as to your standing firm in your argument "why it’s a good thing", well, you don't really have an argument, just a desire for one with made up stats and corporate motivations
Alrighty, so I guess what we have learned is that apparently some number at 100% or perhaps less of all software is apparently released bug free. However, we don’t know for sure “the perhaps less”, despite all of the numerous historical examples of shit software being released that has wreaked havoc that we or others have experienced. And since we don’t know that precise number we are not allowed to state any estimate no matter how modest that is below that 100% of software perfection. Therefore, a device manufacturer would never need or should do anything that attempts to protect the consumer and their market share by protecting the device’s perceived reliability by preventing buggy software from being installed, because buggy software doesn’t exist.
Thanks for the education in the importance of precision and the rejection of experience in determining reality. I’ll ignore my decades of having to clean up all the messes that apparently non-existent buggy shit software managed to do to novice and lay users who willy-nilly installed it…or maybe didn’t install it, since it was imaginary.
By the way…before you respond again you might read up a bit on situational irony. You seemed to have missed it on my prior comment…and this one is dripping with it.
Your drips don't land because you can't make up a valid argument, ignore what I said and resort back to your fantasy land again fighting your imaginary 100%s and do-nothings
Sure – Apple are trying to stop people who don't know what they're doing from getting hurt. Hence the strong scrutiny on what is allowed on the App Store (whether it's reasonable to charge 30% of revenue is an entirely different question).
People who are installing things using a terminal are probably (a) slightly computer savvy and (b) therefore aware that this might not be a totally safe operation.