by cyrus_ 3501 days ago
Lenovo's malware scandal should certainly give you pause, but do note that it was only installed on its consumer laptops. Thinkpads were unaffected.

Moreover, Apple is far from the cleanly ethical choice you seem to think it is. It blocks or impedes the installation of software that it has unilaterally decided is against its interests + takes a ludicrous percentage of revenue via the App Store.

4 comments

> Lenovo's malware scandal should certainly give you pause, but do note that it was only installed on its consumer laptops. Thinkpads were unaffected.

And would not matter if you were installing Linux per this thread...

Operating system doesn't matter much when the malware is in BIOS or firmware code.

The 'malware' used a Windows misfeature that allows the BIOS to supply an executable that is run during startup. So the malware was in the firmware but only runs on Windows.
> Operating system doesn't matter much when the malware is in BIOS or firmware code.

Are you insinuating that was the case here? Source please, I'd be interested to read about that.

Here are three news articles on what happened:

http://arstechnica.com/information-technology/2015/08/lenovo...

http://www.techrepublic.com/article/windows-and-uefi-anti-th...

http://www.pcworld.com/article/2969365/security/lenovos-serv...

This should really only affect Windows systems as far as I know -- Windows is running an executable stored in the firmware at boot (a rather dubious feature, in my opinion, but it's intended as an anti-theft measure). Lenovo used that feature to try to circumvent removal of their crapware when someone reinstalls the OS.

For example SMM (system management mode) code is certainly loaded and executed under any operating system. You have to just trust the mainboard vendor.

https://en.wikipedia.org/wiki/System_Management_Mode

I'm not insinuating anything. All I know is that Lenovo broke our collective trust before, thinking they can get away with it.

It gets copied from the firmware and runs pre-OS. But the executable only runs on Windows from what I can tell, so it's technically cross platform but it won't run on both platforms.

The executable runs on Windows because Windows loads it and runs it. The executable doesn't force itself on Windows.
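An added illustration of the mechanism these posts describe, not code from the thread: the firmware hands Windows the executable through an ACPI table with the signature WPBT (Windows Platform Binary Table), and Linux exposes raw ACPI tables under /sys/firmware/acpi/tables, so a defender can check from any OS whether a board ships one. The sample table bytes below are constructed for the example; the field layout follows the published WPBT table format, and reading the live sysfs file needs root.

```python
import struct
from pathlib import Path

# Standard 36-byte ACPI table header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body: handoff memory size, handoff physical address, content layout
# (1 = single PE image), content type (1 = native user-mode app), args length.
WPBT_BODY = struct.Struct("<IQBBH")
CHECKSUM_OFFSET = 9


def acpi_checksum_ok(table: bytes) -> bool:
    """Every ACPI table must sum to 0 mod 256, checksum byte included."""
    return sum(table) % 256 == 0


def parse_wpbt(table: bytes) -> dict:
    """Decode a WPBT table; raises ValueError on a malformed or corrupt one."""
    sig, length, _rev, _csum, oem_id, oem_tid, _, _, _ = ACPI_HEADER.unpack_from(table, 0)
    if sig != b"WPBT":
        raise ValueError(f"not a WPBT table: {sig!r}")
    if length != len(table):
        raise ValueError("length field does not match table size")
    if not acpi_checksum_ok(table):
        raise ValueError("bad ACPI checksum")
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    off = ACPI_HEADER.size + WPBT_BODY.size
    args = table[off:off + args_len].decode("utf-16-le").rstrip("\x00")
    return {"oem_id": oem_id.strip(b"\x00 ").decode(), "oem_table_id": oem_tid.strip(b"\x00 ").decode(),
            "handoff_size": size, "handoff_address": addr, "layout": layout,
            "content_type": ctype, "args": args}


def read_live_wpbt(path: str = "/sys/firmware/acpi/tables/WPBT"):
    """Return the parsed table if this Linux host exposes one, else None (the normal case)."""
    p = Path(path)
    return parse_wpbt(p.read_bytes()) if p.exists() else None


def build_sample_wpbt(args: str = "-quiet") -> bytes:
    """Constructed sample table (not captured from real firmware) with a valid checksum."""
    arg_bytes = args.encode("utf-16-le")
    body = WPBT_BODY.pack(0x10000, 0x7E000000, 1, 1, len(arg_bytes)) + arg_bytes
    hdr = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                           b"EXAMPL", b"SAMPLE01", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[CHECKSUM_OFFSET] = (-sum(table)) % 256
    return bytes(table)


if __name__ == "__main__":
    print(parse_wpbt(build_sample_wpbt()))
    print("live table:", read_live_wpbt())
```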
> It blocks or impedes the installation of software that it has unilaterally decided is against its interests

What software are you thinking of? Apple maintains editorial control over what's in the App Store, but I can't think of any case where Apple has blocked software distributed outside the app store. The closest I can think of is the fact that the default settings of the computer require apps to be codesigned with an Apple certificate, but Apple doesn't maintain editorial control over who gets certificates, anyone with a developer account can get one (and of course you can even bypass this requirement with right click -> Open, or by changing the security settings on the computer).

> takes a ludicrous percentage of revenue via the App Store

The App Store is completely optional. All software that's published on it can be distributed outside of it. And I don't see how the percentage Apple takes from their completely optional App Store is even remotely connected with ethics.

> by changing the security settings on the computer

Sierra has disabled the "install from any source" option (although you can re-enable it with some terminal magic). How long until they disable the identified developers option too and leave a system like the iPhone?

If the user cannot be trusted to make reasonable choices because he doesn't understand or want to read security popups, you have to make the choice for them. That's what Apple is doing and so is Microsoft. It's the only way to go if you want a secure system. And guess what: people appreciate a stable, secure system that makes it difficult to distribute malware. They appreciate it more than fear-mongering about theoretical issues.

Apple is never going to completely lock down the Mac because it can't be a development platform if it is locked down. Besides, why would they even want to?

> If the user cannot be trusted to make reasonable choices because he doesn't understand or want to read security popups, you have to make the choice for them.

I would bring up a libertarian argument to counter this view, but unfortunately I don't politically lean that way so it wouldn't be authentic. Somebody definitely should make that point, though.

> Somebody definitely should make that point, though.

Like Richard Stallman?

https://www.gnu.org/philosophy/right-to-read.en.html

> How long until they disable the identified developers option too and leave a system like the iphone?

Never. That would literally kill the platform. And nothing Apple has done has indicated that they even want to go this route. For example, against all expectations, they haven't been expanding the set of sandbox exemptions for apps, which means there are still large classes of apps that cannot be distributed on the App Store as they need functionality that isn't available in the sandbox.

Removing the "disable Gatekeeper" option from the UI does not indicate that Apple wants to force everybody on the App Store, it means that Apple wants everybody to codesign their apps. But, as you already mentioned, you can easily re-enable it from the CLI, and anyone who isn't capable of finding out how to do that is almost certainly not qualified to judge the security implications of making that change.

Actually they haven't. You can still install from any source by right clicking and choosing Open.

Also one of Sierra's new features is adding support for non-MAS apps to use iCloud features. If they were planning to freeze out non-MAS apps, why would they do that?

An Apple developer account costs $99/year.

The ethical problem on macOS is that Apple is imposing artificial technical barriers to push people to pay Apple what amounts to "protection" money.

On iOS, there is no reasonable way to bypass the app store for the vast majority of users.

The fact that you apparently don't understand the security implications here and the reasons why Apple is pushing for codesigning does not mean that Apple is putting up artificial barriers out of greed. That's a pretty ludicrous claim - do you really think the $99/year Apple gets from developers (who aren't already paying for iOS) even registers as a blip on their balance sheets?

The next time you see something you don't understand, your automatic reaction shouldn't be "those greedy bastards", it should be to actually educate yourself as to why it's being done. You may find that in a lot of cases there are actually really good reasons for it. And even if you decide that you don't agree with the reasons, that doesn't make it appropriate to accuse someone of being greedy or doing "evil" things (e.g. artificial technology barriers to extract money), and it's rather offensive for you to do that.

$99 every year is enough to be a barrier to entry for individuals but low enough for malicious actors to obtain the ability to sign code.

It doesn't matter how much it costs. Even if it only costs $0.01 a year it would offer the same level of protection.

The only thing the fee does is limit the number of developer certificates to one per bank account.

I suspect it is you that doesn't understand the security implications -- if all it takes is $99/year to gain the ability to sign arbitrary code, then there is no security benefit whatsoever. Pure security theater.

Obviously, the $99/year isn't making Apple a lot of money. But what it is doing is creating a culture of acceptance around Apple-as-gatekeeper. The iOS app store is most certainly making Apple a non-trivial amount of money (yes, I know it's a small percentage of their total at the moment).

> takes a ludicrous percentage of revenue via the App Store.

Do you know what it was before the Apple App store came along? You were handing over about 70-80%, and that was if you could convince a publisher to take your app, which was a very hard sell.

Then Apple came along offering EVERYONE the ability to publish apps, and at a very reasonable cost.

You could throw up a web site and an online store and sell directly for nothing close to that. If you used a full-featured sales service, you might pay 8%. If you put in the work to run your own store that works with a merchant account, you could get it down to maybe 3%.

The alternative to the App Store isn't selling through a huge publisher who takes a huge cut, it's selling directly and keeping almost all of the money.

No, then _the internet_ came along, offering EVERYONE the ability to publish apps, at an actually very reasonable cost.

Please provide one example of Apple blocking an application from running on MacOS. What's that, you don't have an example? Because this is false.

First off, I didn't say that Apple was blocking apps on MacOS. I mentioned it because the OP was disparaging Lenovo as a whole because of unethical behavior in one product line. As such, it's only fair to do the same for Apple.

Second, Apple most definitely does "impede" the installation of apps downloaded independently by requiring you to perform an obscure dance to execute them.

> "It blocks or impedes the installation of software ..."

You didn't?

You're aware that iPhones and iPads run software, I assume.

You only have to do the "right click and Open" dance if the app is unsigned.

Even for unsigned apps, I don't think two clicks instead of one is all that obscure.