[spacedcowboy]

They send a hash of the binaries/libraries, and generate a cache locally so it's not sent again. That helps stop you from running tampered-with binaries and frameworks. No user-personal data is sent.

There is no evidence at all that they are trying to ensure you can only run things from the App Store - I run a whole bunch of non-app-store binaries every single day. To make that claim is baseless and makes me de-rate the rest of what you write.

There is always a trade-off between privacy and security. This still falls well under the Google/Android/Chrome level, or indeed the Microsoft/Windows level with its targeted ads, IMHO.

Choose your poison, but this works for me.

[GeekyBear]

> They send a hash

My understanding is that they keep a local file with known malware signatures, just like the malware scanners on every other platform.

> macOS includes built-in antivirus technology called XProtect for the signature-based detection and removal of malware. The system uses YARA signatures, a tool used to conduct signature-based detection of malware, which Apple updates regularly

https://support.apple.com/guide/security/protecting-against-...

[Joeri]

Xprotect is a blacklist that runs locally and is rarely used.

The phone home functionality is notarization, where apple does a network call to check that the signature on an executable actually came from apple’s notarization process. It is in essence a reputation system, where developers must be on good terms with apple to have the ability to notarize and get a smooth install experience.

[Twisell]

Are you sure about your point?

From what I had in mind, notarization is only done developer side before publishing. Client side it's just a check against Apple certificates to verify that the binary haven't been tampered since notarization, no phoning home should be involved. (Or maybe just to update Apple certificates).

[Joeri]

According to this article macOS does do a network request to check the notarization ticket:

https://eclecticlight.co/2023/03/09/how-does-ventura-check-a...

They also check the developer certificate in the OCSP stage.

Both of these are mechanisms where apple can effectively lock out developers from having a smooth install experience for their software at their discretion.

[nudgeee]

Isn’t this how certificate revocation flows work?

[torginus]

Doesn't Windows do the exact same thing?

[ddingus]

I agree and want to emphasize a few things:

1. Most users are not capable of using general purpose computing technology in a wild, networked environment safely.

2. Too many people who matter to ignore insist, "something must be done."

3. And so something shall be done.

4. Apple is navigating difficult waters. As much as I disapprove of how they have chosen a path for iOS, the fact is many people find those choices are high value.

5. I do, for the most part, approve of their choices for Mac OS. I am not sure how they prevent malicious code without maintaining some sort of information for that purpose.

6. We are arriving at a crossroads many of us have been talking about for a long time. And that means we will have to make some hard choices going forward. And how we all navigate this will impact others in the future for a long time.

Look at Microsoft! They are collecting everything! And they absolutely will work with law enforcement anytime, any day, almost any way!

I sure as hell want nothing to do with Windows 11. Most technical people I know feel the same way.

Screenies every 3 to 5 seconds? Are they high? Good grief! Almost feels like raw rape. Metaphorically, of course.

Then we have Linux. Boy am I glad I took the time way back in the 90's to learn about OSS, Stallman, read words from interesting people, Raymond, Perkins, Searles, Lessig, Doctorow, many others!

Linus did all of tech one hell of a solid and here we are able to literally dumpster dive and build whatever we want just because we can. Awesome sauce in a jar right there

, but!

(And this really matters)

...Linux just is not going to be the general answer for ordinary people. At least not yet. Maybe it will be soon.

It is an answer in the form of a crude check and balance against those in power. Remember the "something shall be done" people? Yeah, those guys.

And here we are back to Apple.

Now, given the context I put here, Apple has ended up really important. Working professionals stand something of a chance choosing Mac OS rather than be forced into Windows 11, transparent edition!

And Apple does not appear willing to work against their users best interests, unless they are both compelled to by law, and have lost important challenges to said law.

If you want that, your choices are Apple and Linux!

7. Open, general purpose computing is under threat. Just watch what happens with Arm PC devices and the locked bootloaders to follow just like mobile devices.

Strangely, I find myself wanting to build a really nice Intel PC while I still can do that and actually own it and stand some basic chance of knowing most of what it doing for me. Or TO ME.

No Joke!

As I move off Win 10, it will be onto Linux and Mac OS. Yeah, hardware costs a bit more, and yeah it needs to be further reverse engineered for Linux to run on it too, but Apple does not appear to get in the way of all that. They also do not need to help and generally don't. Otherwise, the Linux work is getting done by great people we all really should recognize and be thankful for.

That dynamic is OK with me too. It is a sort of harsh mutual respect. Apple gets to be Apple and we all get to be who we are and do what we all do with general purpose computers as originally envisioned long ago.

We all can live pretty easily with that.

So, onward we go! This interesting time will prove to be more dangerous than it needs to be.

If it were not for Apple carving out a clear alternative things would look considerably more draconian, I could and maybe almost should say fascist and to me completely unacceptable.

[noufalibrahim]

As someone who cut his teeth on computing in the era you refer to, I have a small disagreement about Linux (especially Ubuntu) in your statement.

Apple is priced beyond the reach of many "ordinary people" especially outside the western markets. A cheap (perhaps after market) laptop with Ubuntu on it (often installed by the seller) is something that has been getting a lot of traction among regular users. Most of the things they do are via. a browser so as long as Chrome/FF works, they're good. They often install software that undermines the security that the platform natively offers but still, it's a pretty decent compromise.

[ddingus]

Is it this part?

>Linux just is not going to be the general answer for ordinary people.

It so, I hear you. A decade or more ago, I had Ubuntu running as a general use machine for family and friends use.

It seemed almost there back then, and I saw some success.

Today it would be better, yes? I think so

Fact is, it often takes someone doing support to have it work well, and when that is gone, the software slips behind leaving users to get help.

Today, the numbers are much better. That happens less, but still does happen.

Your point on browser apps is solid. I agree, but those come with their own problems.

I see the most success when I set one up, including Void Tools, many visits to FossHUB...

When done, no network needed and one has a GREAT machine, ready for many tasks!

Both ways have merit and the more the merrier!

[noufalibrahim]

Yeah. It's a mixed bag for sure. However, the situation on the ground, where I am, looks like it's becoming a semi-mainstream platform.

[ddingus]

Well, perhaps we are not so far apart on this.

Your news bolsters the "soon" in my comment above.

I am quite happy to be proven wrong.

[maeil]

> Apple is priced beyond the reach of many "ordinary people" especially outside the western markets.

Used, great condition M1 Airs go for ~$450 around here and will last longer than anything Intel or AMD-based for that price, whether new or used.

[doublepg23]

I was under the impression most of the “global poor” have a smart phone as their main computing device.

[ddingus]

Indeed.

You know I decided to take my old note 8 for a test drive as a PC of sorts. Went ahead and purchased one of those USB 3 port bricks so I could hook up a nice display, keyboard, mouse, removable storage.

Samsung Dex popped up and it works mostly!

I found one could do quite a lot.

That is not the way I would go, but if I had to? Bring it! Plenty can be done, good skills learned.

[ddingus]

I agree with you about Apple hardware, BTW.

Fact is, large numbers of people will just end up on Windows 11 :(

[noufalibrahim]

Cheap IBM compatibles and pirated DOS were the entry points to computing for many people back in the day. History repeats itself. :)

[re5i5tor]

Thank you, this crystallized a lot for me.

[ddingus]

It is nice when that happens. Of course, you are welcome.

If you don't mind sharing your take, what firmed up, I would read it with great interest!

[127]

>safely

There is that word again. Favorite tool of tyrants.

[ddingus]

Yes. I agree with you, just so we are clear.

[m463]

> I run a whole bunch of non-app-store binaries every single day

if you are in the US, you need to either register as a developer, or register an apple id and register your app to run it for a week. that's how you run non-app store code. Both of those require permission from apple.

EDIT: Sorry, ios.

[tra3]

This is completely incorrect. You can download a random binary and execute it. You will get a warning dialog saying it’s not signed by a known developer. You are free to ignore that though.

[m463]

I'm sorry, I was thinking phone in previous comment. Yes, you can run binaries on macos with fiddling (but my comment does apply to ios)

[dadbod80]

Not ‘with fiddling’ — you can run any software you want on MacOS without altering or adjusting anything.

[doix]

Depends what you mean by fiddling. But I'm in the process of switching to mac from Linux because my new job has forced it upon me.

I tried installing "Flameshot" via homebrew and it wouldn't run until I went into Finder, right clicked it and clicked open. Luckily it's mentioned in their docs [0] or I would have never guessed to do this.

[0] https://flameshot.org/docs/installation/installation-osx/

[dadbod80]

I use homebrew every day and have never encountered this. Sounds like an issue with how the software has been packaged.

I also notice two other installation options in your link that do not come with those additional instructions — which to me suggests with whatever they’re doing on homebrew.

[ddingus]

That is not the same thing

If I were you, I would relax. At least you are not being shoved onto Win 11.

And then think about that. Seriously. I did. Have a few times off and on over the years as we sink into this mess.

I bet you find an OS that does a bit more than you may otherwise prefer to prevent trouble. If so, fair call in my book.

Just how big of a deal is that?

Compared to Android, Windows 10 and tons of network services and such and what they do not do FOR you, and instead do TO you.

And you can run a respectable and useful installation of Linux on that spiffy Apple hardware when it gets old. So make sure it gets old, know what I mean?

It could all be way worse.

[ddingus]

Nope. A user can just run them if they want to. It is not a big deal.

[ido]

It’s not “a big deal” if the user knows about, but the phrasing in macOS is maliciously bad - I sent a build from my machine to a coworker and when they “naively” ran it, the pop up that came up didn’t say “this program is unsigned” it said “this program is damaged and will now be deleted” (I don’t remember the exact phrasing but it made it sound like a virus or damaged download, not like an unsigned program).

[ddingus]

I don't know about that. Or at least, I won't say they are bad

There are sets of deep roots in play here.

Phrasing struggles are rooted in the differences in these systems, and unless we have spent time in each, struggle seems likely.

That said, I spent time on the Apple side of the computing house early on... I know it helps.